Tuesday, June 27, 2017

To Patchnya, or Not to Patchnya


Heads-up: there's another ransomware worm making the rounds. Initially thought to be a variant of the Petya ransomware family, it was later determined to be something entirely different, and has been dubbed "NotPetya" in many tweets and reports.

Like the WannaCry worm that made such a splash in May, it exploits a (now-patched) vulnerability in the Windows file sharing protocol known as SMB. Unlike WannaCry, it also harvests credentials from compromised systems, then uses standard Windows administration tools such as WMIC and PsExec to spread within an organization.
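
A defender-side sketch of how that in-network spread can show up in Windows event data, added here as an example and not taken from the original post: it flags PsExec's default service (PSEXESVC) being installed and WMIC creating processes on remote nodes, then reports any host reaching several targets. The event fields are simplified assumptions and the sample records are constructed.

```python
import re
from collections import defaultdict

# Constructed sample records: simplified fields from Windows event 4688
# (process creation, command-line auditing enabled) and 7045 (service installed).
EVENTS = [
    {"host": "WS01", "id": 4688, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": r'wmic /node:"10.0.0.21" process call create "example.exe"'},
    {"host": "WS01", "id": 4688, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": r'wmic /node:"10.0.0.22" process call create "example.exe"'},
    {"host": "WS01", "id": 4688, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": r'wmic /node:10.0.0.23 process call create "example.exe"'},
    {"host": "WS02", "id": 4688, "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmd": "wmic os get caption"},  # local query, not remote execution
    {"host": "SRV07", "id": 7045, "service": "PSEXESVC"},
    {"host": "SRV07", "id": 7045, "service": "Backup Agent"},
]

# Remote target given to WMIC, quoted or unquoted.
NODE_RE = re.compile(r'/node:\s*"?([^"\s]+)"?', re.IGNORECASE)


def flag_lateral_movement(events, fanout=3):
    """Return (host, finding) tuples for PsExec/WMIC remote-execution traces."""
    findings = []
    targets = defaultdict(set)  # source host -> remote nodes reached via WMIC
    for ev in events:
        if ev["id"] == 7045 and "psexesvc" in ev.get("service", "").lower():
            # PsExec installs this service on the machine it runs commands on.
            findings.append((ev["host"], "psexec-service-installed"))
        elif ev["id"] == 4688 and ev.get("image", "").lower().endswith("\\wmic.exe"):
            cmd = ev.get("cmd", "")
            node = NODE_RE.search(cmd)
            if node and "process call create" in cmd.lower():
                findings.append((ev["host"], "wmic-remote-exec:" + node.group(1)))
                targets[ev["host"]].add(node.group(1))
    # One host starting processes on many peers is the worm-like pattern.
    for src, nodes in sorted(targets.items()):
        if len(nodes) >= fanout:
            findings.append((src, "wmic-fanout:%d" % len(nodes)))
    return findings


if __name__ == "__main__":
    for host, finding in flag_lateral_movement(EVENTS):
        print(host, finding)
```

Legitimate administration with the same tools produces the same events, so the per-event findings are triage leads; the fan-out finding is the stronger signal.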