As you have probably seen on the news, a global WannaCry-like ransomware outbreak, which began in Russia and Ukraine and spread across Europe, was being reported yesterday. The attack is locking down networks in a number of industries, including energy, transportation and finance.
Reports suggest that ransomware is similar in scope and intensity to WannaCry and could be spreading using the same leaked NSA EternalBlue exploit that WannaCry used in early May to infect machines in more than 150 countries. Security experts are still trying to determine what type of ransomware is being distributed.
Early theories pointed at Petya while others say the ransomware may be a new strain yet to be identified.
Although some of the security agencies are reporting it as a “new ransomware we haven’t seen before.” As yet there is no official information on its origin, but like the previous outbreak back in May, it will encrypt your files and request a ransom to restore them.
- Make sure that your computers are running the most recent update of Microsoft’s software which should ensure you are safe from the attack.
- Check you have installed the latest version of Windows.
- Refrain from clicking on any malicious links.
It does not seem to affect Linux or Apple platforms.
What to do if you’re a victim - should you pay the ransom?
Victims are advised to never pay the ransom as it encourages the attackers. Even if victims do pay there is also no guarantee that all files will be returned to them intact.
Instead, the best thing to do is restore all files from a back-up. If this isn’t possible, please contact us, and we can assist you.
German email provider, Posteo, which hosts the email address provided in the ransom note, wowsmith123456@posteo(.)net, has shut down the attacker’s account. Victims are being advised not to pay as there is no way for the attacker to deliver the decription key, even if the $300 demand in Bitcoin is arranged.
Stefan, Head of Cyber Security