5 Ransomware viruses spreading around the world.

Here are the 5 ransomware viruses and variants spreading around the world.

1) WannaCry Déjà Vu Ransomware (a copycat of the WannaCry outbreak from a few months ago, with NO kill switch, meaning there is no stopping it) – Uses the same exploit as the original, plus 2 more UNKNOWN vectors. Your systems should already have been patched since the last major attack.
2) GoldenEye Ransomware – Appears to spread through open networks via ports 139 and 445.
3) Petya Ransomware (a variant of #1) – Spreads by email inside OFFICE documents (Word, Excel, etc.).
4) Reetner Ransomware – Spreads by email inside accounting software files (QuickBooks, Sage and many others). However, it is easy to avoid: do not open any accounting file that is not your own.
5) Kryptonite Ransomware – Little is known yet; it appears to be in its infancy.

Combined, these ransomware strains have hit businesses across most of Europe; the UK, Ukraine, India, the Netherlands, Spain, Denmark and many other countries have reported infections so far. Honda has been hit by Déjà Vu. Merck has been hit by GoldenEye. Other reported victims include Chernobyl's radiation monitoring system, the law firm DLA Piper, numerous banks, an airport, the Kiev metro, the energy company Maersk, the British advertiser WPP and the Russian oil company Rosneft.

As of writing this article, NO antivirus product is detecting all of them. However, perimeter security, which is part of a generation 6 firewall, seems to have stopped most of them. Antivirus may also be set up to STOP the encryption process, but it will NOT remove the virus. If you are not sure, ask your IT person or company what generation of firewall you have and whether you are paying for the security package. The firewall MUST be configured PROPERLY!
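
An added example, not taken from this post, of what "configured properly" looks like on a single Windows host for the ports named in the GoldenEye entry above: it lists what is listening on 139/445, checks whether the legacy SMBv1 dialect is still on (the original WannaCry exploit targeted SMBv1, which the post does not spell out), adds a Windows Firewall rule blocking inbound 139/445 on the Public and Private profiles, and verifies the rule. The rule name is an assumption; run it in an elevated PowerShell on Windows 8.1/Server 2012 R2 or later.

```powershell
# Added example, not from the original post. Run elevated.

# 1. What is listening on the NetBIOS/SMB ports the worms probe, and from which process?
Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalPort -in 139, 445 } |
    Select-Object LocalAddress, LocalPort, OwningProcess

# 2. Is the legacy SMBv1 dialect still enabled? (WannaCry's exploit targeted SMBv1.)
Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol
# To turn it off:  Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force

# 3. Block inbound 139/445 on the Public and Private profiles. The Domain profile is
#    left alone here so file sharing inside the office keeps working; tighten as needed.
$ruleName = 'Block inbound SMB 139/445 (ransomware worm mitigation)'   # assumed name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 139, 445 -Profile Public, Private -Action Block | Out-Null
}

# 4. Verify: the rule exists, is enabled, and really covers both ports.
$rule  = Get-NetFirewallRule -DisplayName $ruleName
$ports = ($rule | Get-NetFirewallPortFilter).LocalPort
if ($rule.Enabled -eq 'True' -and ($ports -contains '139') -and ($ports -contains '445')) {
    Write-Host "OK: '$ruleName' is enabled and blocks TCP $($ports -join ',')"
} else {
    Write-Warning "Rule missing or incomplete: Enabled=$($rule.Enabled) Ports=$($ports -join ',')"
}
```

Step 1 is the check to repeat after the change: a host that still shows a listener on 445 is fine as long as the rule from step 3 is enabled for the profile the machine is actually on. Blocking inbound 445 also stops PsExec-style lateral movement, which copies its service binary over the ADMIN$ share.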

If you are a home user, be very careful about the email ATTACHMENTS or LINKS you open. Even if you recognize the sender, call them to verify that they actually sent the email if it seems suspicious to you. Make sure your PC is patched and up to date on all Windows and Mac updates, and that your software is patched too. Be careful patching from unknown third-party websites!

[Image: Petya encryption screen] TURN PC OFF IF YOU SEE THIS SCREEN!

One sign that you are infected: the computer starts rebooting on its own as the malware injects its code into the operating system. Since a rootkit is embedded, the system is completely compromised regardless of any security solutions in place. If your PC starts rebooting on its own, keep it turned off and have someone look at it before it encrypts all of the data on your system and spreads across the network. Many IT companies have put detections in place to look for the encryption process on the network and its shares and to kill it, but stealing the data is just as bad as losing it: some of the ransomware will upload a copy of the data off-site to release on open source communities.
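
The detection the paragraph mentions ("look for the encryption process on the network and its shares") is, at its simplest, a burst of file renames from one account on a share. The following is an added example, not the post's or any IT company's own tooling: a PowerShell function over a constructed set of file-server audit events (time, user, client host, UNC path, action), flagging any account that renames more than a threshold of files inside a sliding window. The event shape, the threshold of 50 renames per 60 seconds and the host names are all assumptions to tune per environment.

```powershell
# Added example, not from the original post. Input events are constructed below.

function Find-EncryptionBurst {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $Threshold     = 50,   # renames per window that raise an alert (assumed; tune per share)
        [int] $WindowSeconds = 60
    )
    $alerts  = @()
    $renames = $Events | Where-Object { $_.Action -eq 'Rename' }
    foreach ($group in ($renames | Group-Object -Property User)) {
        $sorted = @($group.Group | Sort-Object -Property Time)
        $start  = 0
        for ($i = 0; $i -lt $sorted.Count; $i++) {
            # Slide the window start forward until event $start is within $WindowSeconds of event $i.
            while (($sorted[$i].Time - $sorted[$start].Time).TotalSeconds -gt $WindowSeconds) { $start++ }
            $inWindow = $i - $start + 1
            if ($inWindow -ge $Threshold) {
                # Reduce \\server\share\dir\file to \\server\share so the alert names the share.
                $shares = $sorted[$start..$i].Path |
                    ForEach-Object { ($_ -split '\\')[0..3] -join '\' } | Select-Object -Unique
                $alerts += [pscustomobject]@{
                    User       = $group.Name
                    SourceHost = $sorted[$i].SourceHost
                    Renames    = $inWindow
                    FirstSeen  = $sorted[$start].Time
                    LastSeen   = $sorted[$i].Time
                    Shares     = ($shares -join ', ')
                }
                break   # one alert per account is enough to start response
            }
        }
    }
    return $alerts
}

# Constructed sample: 'alice' renames 5 files at a normal pace; 'bob' renames 60 files
# to a new extension on the same share in about 20 seconds (ransomware-like).
$t0     = Get-Date '2017-06-27 10:00:00'
$sample = @()
foreach ($n in 1..5) {
    $sample += [pscustomobject]@{ Time = $t0.AddSeconds($n * 30); User = 'alice'; SourceHost = 'WS01';
                                  Path = "\\fs01\finance\q2\report${n}.xlsx"; Action = 'Rename' }
}
foreach ($n in 1..60) {
    $sample += [pscustomobject]@{ Time = $t0.AddMilliseconds($n * 333); User = 'bob'; SourceHost = 'WS07';
                                  Path = "\\fs01\finance\q2\invoice${n}.xlsx.locked"; Action = 'Rename' }
}

# Expected: exactly one alert, for 'bob' from WS07 on \\fs01\finance.
foreach ($alert in Find-EncryptionBurst -Events $sample) {
    Write-Warning "Possible mass encryption by $($alert.User) from $($alert.SourceHost): $($alert.Renames) renames in under a minute on $($alert.Shares)"
    # Response hook on the file server: drop that client's SMB sessions so the process
    # loses its open handles on the share. Get-SmbSession reports the client by address,
    # so SourceHost must be resolved to the address the audit log records (assumed).
    # Get-SmbSession | Where-Object ClientComputerName -eq (Resolve-DnsName $alert.SourceHost).IPAddress | Close-SmbSession -Force
}
```

The window/threshold approach is deliberately crude: it catches the bulk rename-and-encrypt pass that Petya-style malware performs on a share, and a backup job or a user moving a folder will trip it too, so the response hook is left as a comment for a human to confirm before it runs. Closing the session stops the encryption of that share; as the paragraph says, it does nothing about data that was already copied off-site.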

Since Petya ransomware also takes advantage of the WMIC and PsExec tools to infect fully patched Windows computers, you are also advised to disable WMIC (Windows Management Instrumentation Command-line).
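
One host-level way to act on that advice, as an added example that is not from the original post: WMIC reaches other machines over the WMI/DCOM channel, and Windows Firewall ships a rule group for it, so disabling the group's inbound rules stops a compromised neighbour from using WMIC against this host. The script disables those rules and verifies the result. It assumes an elevated PowerShell on Windows 8.1/Server 2012 R2 or later; note that monitoring or inventory agents that query this host over WMI will stop working.

```powershell
# Added example, not from the original post. Run elevated.

$wmiGroup = 'Windows Management Instrumentation (WMI)'   # built-in rule group name

# Before: which inbound WMI rules are currently enabled, and on which profiles?
Get-NetFirewallRule -DisplayGroup $wmiGroup -Direction Inbound |
    Select-Object DisplayName, Enabled, Profile

# Disable every inbound rule in the group (DCOM-In, WMI-In, ASync-In).
Get-NetFirewallRule -DisplayGroup $wmiGroup -Direction Inbound | Disable-NetFirewallRule

# After: confirm nothing in the group still accepts inbound connections.
$stillOpen = Get-NetFirewallRule -DisplayGroup $wmiGroup -Direction Inbound |
    Where-Object { $_.Enabled -eq 'True' }
if ($stillOpen) {
    Write-Warning "Inbound WMI still reachable via: $($stillOpen.DisplayName -join ', ')"
} else {
    Write-Host 'Inbound WMI firewall rules disabled.'
}

# Re-enable later (for example once the outbreak is over and agents need WMI again):
# Get-NetFirewallRule -DisplayGroup $wmiGroup -Direction Inbound | Enable-NetFirewallRule
```

This covers the WMIC half of the sentence. The PsExec half rides on the ADMIN$ share over SMB, so an inbound block on TCP 445 from the right profiles handles it; both tools also depend on the attacker already holding administrator credentials for the target, which is why fewer shared local admin passwords matters as much as any firewall rule.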

If you are concerned that your network is vulnerable, give us a call right away, and we will be able to do a security assessment.

Don’t Pay the Ransom, You Won’t Get Your Files Back

Infected users are advised not to pay the ransom, because the hackers behind Petya ransomware can no longer receive your emails.

Posteo, the German email provider, has suspended the email address wowsmith123456@posteo.net, which the criminals were using to communicate with victims and send decryption keys after receiving the ransom.

At the time of writing, 23 victims have paid Bitcoin to the address '1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX' to decrypt their files infected by Petya, totalling roughly $6775.