A new strain of ransomware, a Petya-esque variant being called Petya/NotPetya, is swiftly spreading across the globe today, impacting tens of thousands of computers as of 2:00 p.m., PST. More powerful, professional, and dangerous than last month’s WanaCrypt0r attack, the Petya-esque ransomware uses the same EternalBlue exploit to target vulnerabilities in Microsoft’s operating system. However, unlike WanaCrypt0r, this ransomware instructs you to reboot your computer and then locks up your entire system. Long story short: if you get this infection, you’re hosed.
We’re alerting you to reassure you that if you’re currently using the premium version (or the premium trial) of Malwarebytes with real-time protection turned on, you are protected from this threat. Our premium technology blocks the Peyta-inspired ransomware before it can encrypt your system. (The free version of Malwarebytes, however, does not protect you against this attack. To see which version you have, open up your Malwarebytes software and look for the version name at the top of the window.)
If you’re not currently using the premium version of Malwarebytes, we recommend that you update your Microsoft Windows software immediately. Microsoft released a patch for this vulnerability in March. You may access the patch here. We also recommend you be extra vigilant about opening emails, as one suspected method for spreading this infection is through infected Office documents delivered via spam.
If you’re thinking about paying the ransom for this threat ($300 in Bitcoin per PC)—don’t bother. The email service that hosted the address where victims were instructed to send payment has closed the account. So at this point trying to pay the ransom will result in a returned email. However, the attackers may provide their victims with alternative forms of payment transactions.
Cyberattacks at a global scale seem to be happening more and more frequently. At Malwarebytes, we pledge to keep our customers and readers informed. Your safety is our number one priority.
The Malwarebytes team
P.S. Learn more about this threat here.