
Huge "PETYA" Cyber Attack

A new ransomware attack has been detected and is in progress. Little information is available right now; the investigation is still ongoing. This alert will be updated as further information becomes available.

Description
***********

Several reports describe this ransomware as a variant of Petya and Misha (also known as GoldenEye). The main targets at present are in Ukraine and Russia. Only a few samples have been detected in France so far.

The verified facts are:

- it uses EternalBlue as an attack vector (CVE-2017-0143 [3])
- it spreads via SMB post-exploitation

After exploitation, the ransomware performs the following actions:

* downloads the main binary at hxxp://185[.]165[.]29[.]78/~alex/svchost[.]exe
* clears the Windows event logs using Wevtutil (wevtutil cl Setup & wevtutil cl System & wevtutil cl Security & wevtutil cl Application & fsutil usn deletejournal /D %c:)
* writes a message to the raw disk partition
* reboots the syste
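As an added example (not part of the original alert), the following Python triage routine flags the log-clearing chain described above in process-creation telemetry. The sample events, their field names and the host names are constructed for illustration; the severity thresholds are assumptions, not values from the alert.

```python
import re

# Constructed sample process-creation records, in the shape a Sysmon Event ID 1
# or Windows 4688 collector might forward them. Not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01",
     "cmdline": "cmd.exe /c wevtutil cl Setup & wevtutil cl System & "
                "wevtutil cl Security & wevtutil cl Application & "
                "fsutil usn deletejournal /D C:"},
    {"host": "ws02",
     "cmdline": "wevtutil qe Security /c:5 /f:text"},   # benign log query
    {"host": "srv01",
     "cmdline": "wevtutil cl Application"},              # a single log cleared
]

# wevtutil accepts both the short "cl" and the long "clear-log" verb.
WEVTUTIL_CLEAR = re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\s+(\S+)", re.I)
USN_DELETE = re.compile(r"\bfsutil(?:\.exe)?\s+usn\s+deletejournal\b", re.I)


def analyze_cmdline(cmdline):
    """Return which event logs a command line clears and whether it drops the USN journal."""
    cleared = sorted({m.group(1).lower() for m in WEVTUTIL_CLEAR.finditer(cmdline)})
    usn_deleted = USN_DELETE.search(cmdline) is not None
    # Assumed scoring: one cleared log is suspicious on its own; several logs
    # in one command line, or any USN journal deletion, matches the
    # anti-forensics chain in the alert and is rated high.
    if usn_deleted or len(cleared) >= 2:
        severity = "high"
    elif cleared:
        severity = "medium"
    else:
        severity = "none"
    return {"cleared_logs": cleared, "usn_deleted": usn_deleted, "severity": severity}


def triage(events):
    """Return (host, severity, cleared_logs) for every event that is not benign."""
    hits = []
    for ev in events:
        result = analyze_cmdline(ev["cmdline"])
        if result["severity"] != "none":
            hits.append((ev["host"], result["severity"], result["cleared_logs"]))
    return hits


if __name__ == "__main__":
    for host, severity, logs in triage(SAMPLE_EVENTS):
        print(f"{host}: {severity} - cleared {', '.join(logs) or 'nothing'}")
```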