‘WannaCry’s bad cousin’ is the new ransomware in town
There’s no kill switch this time.
Russian oil company Rosneft, Ukrainian banks, Kiev Airport, shipping giant Maersk, pharmaceutical company Merck, global advertising agency WPP, US law firm DLA Piper and the Chernobyl nuclear reactor are among its victims.
“That means that the attacker cannot extract any decryption information from such a randomly generated string displayed on the victim, and as a result, the victims will not be able to decrypt any of the encrypted disks using the installation ID”, the pair said. In this instance, hackers are asking for $300 worth of Bitcoin.
Originally thought to be a strain of the Petya virus, initial reports focused on its similarities to the WannaCry ransomware which infected computers last month.
Security researcher Kevin Beaumont pointed out another difference. And he said it would probably be worse than WannaCry. We saw the first infections in Ukraine, where more than 12,500 machines encountered the threat.
This cyberattack spreads similarly to the WannaCry attack from May, using an exploit dubbed “EternalBlue” in Microsoft’s Server Message Block (SMB v1) protocol. That’s where the malware has an edge over ransomware like WannaCry.
“It’s pretty clear that this attack was inspired by WannaCry”, said Gavin O’Gorman, an intelligence analyst at Symantec, a cybersecurity company.
Researchers are still analysing samples of malicious code and arguing about its origins. As more effective methods of intrusion are developed, malware creators begin incorporating them all into their work.
“If you’re a journalist writing about this, remember this worm spreads based on a vulnerability NSA kept unfixed for years”, Snowden said via Twitter.
Protection software is essential, especially if you are using Windows. Instead, get an external hard drive, or purchase space on cloud services and back up your computer on a frequent basis.
It also spread using MeDoc.
Once the ransomware infects a machine, it then attempts to spread itself to other PCs on the network.
Heritage Valley Health System officials confirmed the ransomware attack on its systems “[had] been identified as the same ransomware attack that affected a number of organizations globally” the same day, TribLive.com reports.
“While it has several strings similar to Petya, it possesses entirely different functionality”, said Kaspersky, which called the malware “ExPetr” and “NotPetya”.