Petya and Weaponized Malware: Is Ransomware the New DDoS Attack?
Yesterday, Ivanti hosted a webinar focused on the latest global ransomware attack based on “Petya” malware. The featured speakers were Chris Goettl, Manager of Product Management for Security, and Phil Richards, Chief Security Officer at Ivanti. Amber Boehm, Manager of Product Marketing, moderated and fielded questions. Herewith, some key takeaways from the webinar.
How this Petya attack got started
In Ukraine, where the latest Petya attack has been most severe, there are only two companies through which other companies can file their taxes. Attackers were able to load malware into an update issued by M.E.Doc, one of those two tax-filing companies. This was likely the “opening salvo” of the current Petya attack, Chris Goettl said.
How the attack spread
Like the original Petya attack, the latest version encrypts the Windows Master Boot Record (MBR). It then schedules a reboot of the infected system, instead of rebooting immediately, after which system files are encrypted. The delayed reboot gives the attackers time to use that system as a “launch pad” to reach out to other connected systems.
Read the entire article here, Petya and Weaponized Malware: Is Ransomware the New DDoS Attack?
via the fine folks at Ivanti.