28 Jun 2017

TLP Rating: White

NotPetya ransomware campaign targeting Microsoft Windows computers

Published 2.50pm

A new ransomware campaign referred to as NotPetya (originally reported as Petya) is affecting Microsoft Windows devices globally.

To protect your network, it’s critical to ensure that the software on all devices is fully up to date. CERT NZ also strongly recommends that affected parties do not pay the ransom. Our understanding is that files are not being recovered, even in instances where the ransom is paid.

In many ways, this ransomware is behaving similarly to WannaCry — it infects unpatched Windows devices by exploiting a software vulnerability. If NotPetya infects a device, it will encrypt the hard drive and demand that a ransom be paid to regain access to the device.

A point of difference that this ransomware has from WannaCry is that once a single computer in a network is infected, the program looks for other computers on the network and infects them as well — even when they’re fully up to date.

CERT NZ strongly recommends that the ransom is not paid, under any circumstances. At least one email address used to communicate with the attackers has been taken down, and subsequent email addresses are likely to be taken down as well. In this case, this means that you will not be able to recover your files, even if the ransom is paid.

Read more about EternalBlue