petya


Globally operating financial services firms have to be aware of new cybersecurity regulations and how they affect their business in order to navigate data rules and remain compliant, especially as they conduct business across borders. Compliance is especially crucial as the punishments for noncompliance typically include large fines. Below are some of the most recent implemented or proposed cybersecurity regulations that will affect financial services firms. [Read More]
by RSS Drew Del Matto  |  Dec 05, 2017  |  Filed in: Business and Technology, Industry Trends
The healthcare sector has undergone dramatic changes in the past several years, primarily spurred by the adoption of new medical technology. Beginning with the adoption of electronic health records (EHRs) and continuing on into the increased use of medical applications, online patient portals, connected devices, and wearables, the healthcare sector has been capitalizing on digital advancements to improve overall patient experiences and outcomes. This effort has been well received by patients and physicians alike, as it simplifies communication... [Read More]
by RSS Susan Biddle  |  Oct 13, 2017  |  Filed in: Industry Trends
The healthcare sector has been under increasing attack from cybercriminals with a variety of tactics and motivations. In fact, cyberattacks targeting healthcare providers increased 63 percent in 2016. The increased attention cybercriminals are giving the healthcare space is not surprising. The protected health information and other personally identifiable information (PII) that healthcare practices store about their patients is exactly the type of data that is easily monetized. Once cybercriminals breach healthcare networks and exfiltrate patient... [Read More]
by RSS Susan Biddle  |  Sep 15, 2017  |  Filed in: Industry Trends
There have already been a lot of write-ups for the NotPetya malware. This article is just a supplement for what is already out there. Our focus is to highlight some key differences between a previous strain of the Petya ransomware and the malware that scared everyone a few weeks ago, which is now sometimes being referred to as NotPetya. I posted a blog post a couple of months ago about the MBR (Master Boot Record) infected by Petya. I explained how the ransomware infected the boot process and how it executed its own kernel code. In this post,... [Read More]
by RSS Raul Alvarez  |  Jul 09, 2017  |  Filed in: Security Research
Last week we started our technical analysis on Petya (also called NotPetya) and its so-called “killswitch.” In that blog post we mentioned that Petya looks for a file in the Windows folder that has the same filename (no extension) as itself (for example: C:\Windows\Petya). If it exists, it terminates by calling ExitProcess. If it doesn't exist, it creates a file with the attribute DELETE_ON_CLOSE. This seems to imply that instead of a killswitch, this file is meant to be a marker to check and see if the system has already been infected. After... [Read More]
by RSS Gabriel Hung and Margarette Joven  |  Jul 09, 2017  |  Filed in: Security Research
By now, you will have all heard about the rampant spread of ransomware through countless press pieces, blog articles, and far too often, the outrageous claims of some security vendors. But let’s stop and think for a minute or two. How did these attacks happen? Are companies focusing on valid threats, fixing the right problems, or developing correct processes? Have so-called disruptive technologies disrupted our thinking? Let’s not go tactical. Instead, we need to consider, “what is our best strategy?” Ever since the... [Read More]
by RSS Michael Xie  |  Jul 06, 2017  |  Filed in: Industry Trends
This past year, cybercriminals have upped the stakes once again with the high profile, global attacks of Mirai, Wannacry, and Petya, launched one after the other. Of course, large-scale attacks aren’t new. Attacks like the ILOVEYOU worm and Code Red and Nimda were massive attacks, some of which affected exponentially more devices and organizations that this latest round of attacks. The spread of WannaCry and Petya were quickly curbed unlike these worms of the past. But this isn’t just about scale. Unlike in years past, the new digital... [Read More]
by RSS Derek Manky  |  Jul 03, 2017  |  Filed in: Industry Trends, Security Research
Yesterday, a new ransomware wreaked havoc across the world. This new malware variant, which combines the functionality of ransomware with the behaviors of a worm, is being called Petya, Petrwrap, and even NotPetya, since researchers are still investigating as to whether its ability to modify the Master Boot Record of a targeted machine is based on the Petya family of malware. Fortinet has designated this new hybrid form of malware as a ransomworm, and this outbreak was reported to use the same worm mechanism to spread across the Internet as WannaCry,... [Read More]
by RSS Margarette Joven  |  Jun 28, 2017  |  Filed in: Security Research
We are currently tracking a new ransomware variant sweeping across the globe known as Petya. It is currently having an impact on a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems. This is a new generation of ransomware designed to take advantage of timely exploits. This current version is targeting the same vulnerabilities that we exploited during the recent Wannacry attack this past May. This latest attack, known as Petya, is something we are referring to as... [Read More]
by RSS Aamir Lakhani  |  Jun 27, 2017  |  Filed in: Security Research
Since its discovery in early 2016, we have tracked a number variations of Petya, a ransomware variant famous for multi-stage encryption that not only locks your computer, but also overwrites the Master Boot Record. Petya continues to persist, and in this blog we will take a deeper look at its more complex second stage of attack. Petya overwrites the Master Boot Record (MBR), along with its neighboring sectors using its boot code and a small kernel code. The MBR contains the master boot code, the partition table,... [Read More]
by RSS Raul Alvarez  |  Feb 01, 2017  |  Filed in: Security Research