
6/28/2017

2 Facts about the New Cryptolocker Ransom.Petya

A brief message from the Digital Edge Security Team

  1. All Digital Edge’s clients are patched and safe. If you are not a Digital Edge client and feel that you may need assistance, please contact us.
  2. If you are affected by Ransom.Petya, do not pay the ransom and speak immediately to the Digital Edge Security Team. Further analysis of the cryptolocker revealed that data retrieval is possible without paying the ransom. Please contact our Security Team if you need assistance with recovering from and removing Ransom.Petya.

 

More information:

The initial infection happened through the infected accounting software MeDoc. The virus was delivered through MeDoc’s auto-update functionality.

Additional infections may happen through emails with a link to malicious software.

It further propagates through the network using the same SMB exploit that WannaCry used: EternalBlue, recorded as CVE-2017-0144.

The trojan encrypts the MBR (master boot record) and MAY or MAY NOT encrypt other files. If the trojan encrypts only the MBR, recovery is possible and very likely.
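A first-pass triage for the MBR-only case described above, as an added example that is not Digital Edge's code or tooling: it reads a forensic image of the disk, checks whether sector 0 still parses as an MBR, and independently scans for NTFS volume boot sectors. The function names, 512-byte sector size and sample image are assumptions constructed for illustration; finding a boot sector shows that the volume header survived, not that file contents are intact.

```python
import struct

SECTOR = 512  # assumed sector size for this illustration

def parse_mbr(sector0: bytes):
    """Return (boot_signature_ok, non-empty partition entries) for sector 0."""
    sig_ok = sector0[510:512] == b"\x55\xaa"
    parts = []
    for i in range(4):  # four 16-byte entries start at offset 446
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector0, 446 + 16 * i)
        if ptype != 0:
            parts.append({"status": status, "type": ptype, "lba": lba, "sectors": count})
    return sig_ok, parts

def is_ntfs_boot_sector(sec: bytes) -> bool:
    """NTFS volume boot sectors carry the OEM ID 'NTFS    ' at offset 3."""
    return len(sec) == SECTOR and sec[3:11] == b"NTFS    " and sec[510:512] == b"\x55\xaa"

def triage(image: bytes) -> dict:
    """Triage a raw disk image (work on a copy, never the original disk)."""
    total = len(image) // SECTOR
    sig_ok, parts = parse_mbr(image[:SECTOR])
    plausible = sig_ok and bool(parts) and all(
        p["status"] in (0x00, 0x80) and 0 < p["lba"] and p["lba"] + p["sectors"] <= total
        for p in parts)
    # Scan past sector 0 so volumes are found even when the MBR is unreadable.
    found = [lba for lba in range(1, total)
             if is_ntfs_boot_sector(image[lba * SECTOR:(lba + 1) * SECTOR])]
    return {"mbr_plausible": plausible, "ntfs_boot_sectors": found}

def build_sample(mbr_intact: bool) -> bytes:
    """Constructed 2 MiB image: one NTFS-like boot sector at LBA 2048."""
    img = bytearray(SECTOR * 4096)
    if mbr_intact:
        struct.pack_into("<B3xB3xII", img, 446, 0x80, 0x07, 2048, 2048)
        img[510:512] = b"\x55\xaa"
    else:  # stand-in bytes for an overwritten sector 0, not real malware output
        img[:SECTOR] = bytes((i * 37 + 11) % 256 for i in range(SECTOR))
    vbr = 2048 * SECTOR
    img[vbr + 3:vbr + 11] = b"NTFS    "
    img[vbr + 510:vbr + 512] = b"\x55\xaa"
    return bytes(img)

if __name__ == "__main__":
    for intact in (True, False):
        print("MBR intact" if intact else "MBR overwritten", triage(build_sample(intact)))
```

An implausible MBR together with boot sectors still found by the scan is the pattern to escalate for recovery work on the image.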

Please contact the Digital Edge Security Team if you need any assistance.