Yesterday, on 28/7/2017, a new ransomware variant known as Petya began sweeping across the globe, impacting a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems.
This variant is part of a new wave of multi-vector ransomware attacks that Fortinet is calling “ransomworm”, which takes advantage of current exploits. A ransomworm is designed to move across multiple systems automatically rather than stay in one place. The Petya ransomworm appears to be using vulnerabilities similar to those exploited during the recent WannaCry attack.
This variant, however, rather than focusing on a single organization, uses a broad-brush approach that targets any device its attached worm is able to exploit. This attack appears to have started with the distribution of an Excel document that exploits a known Microsoft Office vulnerability. Because additional attack vectors were used in this attack, patching alone would have been inadequate to stop it completely, which means that patching needs to be combined with good security tools and practices.
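To make the "patching alone is inadequate" point concrete, here is an added toy model (not Fortinet's code and not derived from the malware) of a worm that carries two propagation vectors spreading across a small constructed network. The vector names `"a"` and `"b"`, the host names, the exposure table and the starting host are all assumptions made for the illustration; `"a"` stands for a vector a vendor patch removes, `"b"` for the additional, unnamed vector the post refers to. The model shows that patching `"a"` everywhere still leaves hosts reachable over `"b"`, while patching combined with a network control that blocks `"b"` on the links contains the outbreak to the initially compromised host.

```python
"""Toy propagation model for a multi-vector worm (added illustration).

Hosts are graph nodes. A worm carrying a set of vectors spreads from an
infected host to every neighbour that still exposes at least one of those
vectors on that link. Patching removes a vector from a host; a network
control (for example an IPS rule) removes a vector from a specific link.
All names and tables below are constructed for the example.
"""
from collections import deque

# Constructed sample network: host -> list of directly reachable hosts.
NETWORK = {
    "wks1": ["wks2", "srv1"],
    "wks2": ["wks1", "wks3"],
    "wks3": ["wks2", "srv1"],
    "srv1": ["wks1", "wks3"],
}

# Constructed exposure table: which vectors each host is vulnerable to.
# "a" = a vector closed by a vendor patch; "b" = a second, unnamed vector.
EXPOSURE = {
    "wks1": {"a", "b"},
    "wks2": {"a", "b"},
    "wks3": {"a"},
    "srv1": {"a"},
}

WORM_VECTORS = {"a", "b"}   # the worm in this model carries both vectors
START = "wks1"              # host that opened the malicious document (assumed)


def simulate(network, exposure, worm_vectors, start, patched=None, blocked=None):
    """Return the set of hosts the worm reaches.

    patched: {host: set(vectors removed on that host)}
    blocked: {(src, dst): set(vectors blocked on that directed link)}
    """
    patched = patched or {}
    blocked = blocked or {}
    infected = {start}
    queue = deque([start])
    while queue:                       # breadth-first spread from each infected host
        src = queue.popleft()
        for dst in network[src]:
            if dst in infected:
                continue
            exposed = exposure[dst] - patched.get(dst, set())
            usable = (worm_vectors & exposed) - blocked.get((src, dst), set())
            if usable:                 # any remaining vector is enough to jump
                infected.add(dst)
                queue.append(dst)
    return infected


def scenario_unmitigated():
    """No patching, no network controls."""
    return simulate(NETWORK, EXPOSURE, WORM_VECTORS, START)


def scenario_patch_only():
    """Vector 'a' patched on every host; vector 'b' left untouched."""
    patched = {host: {"a"} for host in NETWORK}
    return simulate(NETWORK, EXPOSURE, WORM_VECTORS, START, patched=patched)


def scenario_layered():
    """Vector 'a' patched everywhere AND vector 'b' blocked on every link."""
    patched = {host: {"a"} for host in NETWORK}
    blocked = {(src, dst): {"b"} for src in NETWORK for dst in NETWORK[src]}
    return simulate(NETWORK, EXPOSURE, WORM_VECTORS, START,
                    patched=patched, blocked=blocked)


if __name__ == "__main__":
    print("unmitigated:", sorted(scenario_unmitigated()))   # all four hosts
    print("patch only: ", sorted(scenario_patch_only()))    # wks1 and wks2
    print("layered:    ", sorted(scenario_layered()))       # wks1 only
```

In the patch-only scenario the worm can no longer reach `wks3` or `srv1`, but `wks2` still exposes vector `"b"` and is infected; only when the patch is combined with a control on the links does the outbreak stay on the first host. Real assessments would replace the constructed tables with inventory and vulnerability data for the environment in question.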
Fortinet customers were protected from all attack vectors, which were detected and blocked by our ATP, IPS, and NGFW solutions. In addition, our AV team issued a new antivirus signature within a few hours of the discovery to strengthen the first line of defense.