Petya - Infoblox Threat Center | DDI (DNS, DHCP, and IPAM) | Infoblox

NotPetya

A Ransomware That Spreads Like a Worm

A new type of ransomware started infecting organizations and spread to more than 12,000 systems in Europe and into the Americas on June 27, 2017. The attack was initially thought to be a variant of Petya ransomware. However, upon further analysis, it was found to be a new ransomware variant, NotPetya. It started spreading across networks using Windows Management Instrumentation Command-line (WMIC) or the Microsoft Server Message Block (SMB) exploit known as ETERNALBLUE.

Once NotPetya infects a system, it sets up encryption routines and attempts to spread over the network. It also attempts to extract cached user credentials from the original infected machine and propagates using WMIC. NotPetya doesn’t use a killswitch domain and encryption will happen irrespective of whether the infected system is in an isolated environment or connected to the Internet. As with all ransomware, the end goal is to lock up the files on infected machines and demand a ransom to retrieve the data.

Prevent ransomware

THE RISE OF AN OLD THREAT

2016 Ransomware reemerges as a leading threat
$1B Payout to ransomware criminals in 2016
6,000% Increase in ransomware-infected emails in 2017 vs. 2016
#1 Delivery vehicle for ransomware: phishing email attachments

HOW INFOBLOX CAN HELP DEFEAT RANSOMWARE

Visibility into DNS activity to help detect malicious communications to bad domains.

DNS Response Policy Zone (RPZ) to block communications to C&C servers.

Curated and updated threat intelligence to stay on top of new and evolving threats.

DHCP and IPAM for discovering what’s on your network.

Sharing information with your existing security tools to rapidly contain threats.

Actionable Network Intelligence including contextual information on malicious activity.
