30/06/17 | Security
Reputable anti-virus vendors have begun to release signature files capable of stopping and detecting this new variant.
Based on information known at this time, this latest ransomware shares code similar to the previously identified malware known as Petya. It is now considered a variant, and additional variants may soon be detected.Analysis by numerous organisations has confirmed that initial infection occurs during a software update of the Medoc accounting software package, widely used throughout Ukraine. Once it has infected a host, the malware attempts to spread laterally to other machines through either harvesting and using credentials from the infected machine, or through exploitation of the ETERNALBLUE and ETERNALROMANCE vulnerabilities on other connected systems.
Systems patched with MS17-010 are not vulnerable to this secondary attempt at lateral movement, but remain susceptible to the usage of harvested credentials. To reduce their exposure to this threat, customers are advised to ensure that these patches are deployed throughout their Windows environment.