Reports are circulating of another ransomware outbreak that started infecting in Russia and Ukraine on June 27th, 2017. A few businesses across the States have also been affected. Originally, the ransomware was thought to be Petya, which initially started infecting in 2016, but after further investigation of the code, it is now being called NotPetya. So what do we know so far about NotPetya?
1. It’s using a modified version of the NSA’s leaked EternalBlue SMB exploit, the same exploit used in WannaCry.
2. Its goal is to exploit any machine with local administrative user access that will enable the ransomware free reign over the infected computer, encrypting files on the PC and mapped drives. Please remove local administrative user access as a countermeasure step.
3. DON’T GET OUT YOUR BITCOIN -The email address the ransomware asks you to contact once you hand over the $300 Bitcoin has been blocked by the provider! There’s no way to get the key to restore your files, so there’s no use in paying.
Currently, just over 30 different victims have paid the Bitcoin ransom in hopes of getting their data back, but since communication has been completely shut down via the email provider, those that have already paid will be out of luck.
May your backups be ever in your favor,