贵湖华人网
地产经纪 Lisa Chou
地产经纪
地产经纪 李德军Roy  Li
吴泽宇律师事务所
北美华人新生活
许鹏牙科诊所
万通电讯
金房地产
地产经纪  Dennis Xu
第一阳光地产经纪公司
会计师 Tony Zhang
广告招租
广告招租

圭尔夫华人网 - 圭尔夫(贵湖)华人中文门户网站

 找回密码
 注册

Kaspersky Lab: new ransomware attack 'likely to grow even more'

2017-6-29 04:07| 发布者: leedell| 查看: 24| 评论: 0|来自: Xinhua

摘要: Kaspersky Lab said Wednesday that the new ransomware attack that started a day ago "is likely to grow even more." In an updated blog posting, the multinational cybersecurity and anti-virus services p ...

Kaspersky Lab said Wednesday that the new ransomware attack that started a day ago "is likely to grow even more."

In an updated blog posting, the multinational cybersecurity and anti-virus services provider said its experts concluded that the new malware is significantly different from all earlier known versions of Petya, a family of encrypting ransomware that was first discovered in 2016.

Petya targets Microsoft Windows-based software systems, infecting the master boot record to execute a payload that encrypts the file table with the New Technology File System (NTFS) format, which is used by current Windows versions for storing and retrieving files on a hard disk or other data storage devices, demanding a payment in Bitcoin in order to regain access to the system.

Unofficially, the author of the posting noted, "we've named it ExPetr or NotPetya."

"The attack appears to be complex, involving several attack vectors," according to the posting. "We can confirm that a modified EternalBlue exploit is used for propagation, at least within corporate networks."

EternalBlue, generally believed to have been developed by the U.S. National Security Agency (NSA) to exploit a vulnerability in Microsoft's implementation of the Server Message Block (SMB) protocol, was made available on the internet by the Shadow Brokers hacker group on April 14.

Although it was patched by Microsoft on March 14, EternalBlue was used as part of the worldwide WannaCry ransomware attack on May 12.

As in the WannaCry case, the attacker behind the new ransomware tried to extort payment equivalent to 300 U.S. dollars in Bitcoin, a cryptocurrency, from its victims for what the attacker called a "decryption key."

However, notifying it does not advocate paying the ransom, Kaspersky Lab said German email service provider Posteo has already shut down the email address that victims were supposed to use to contact blackmailers and send Bitcoins, and from which they would receive decryption keys; therefore, with the email address blocked, victims won't be able to pay the criminals or get their files back.

While the cybercriminals behind the new ransomware target mostly big enterprises, and home users seem to be less affected by the threat, Kaspersky Lab recommends its customers to back up data, manually update the antivirus databases and install all security updates for Windows.

最新评论

时代商务
时代商务
爱书书店
安妮理发
牙医
广告招租
广告招租

广告合作(Contact Us)|关于我们|小黑屋|手机版|Archiver|圭尔夫华人网

GMT-5, 2024-11-25 22:43

Powered by Discuz! X3.4 Licensed

Copyright © 2001-2021, Tencent Cloud.

返回顶部