NotPetya ransomware has affected hundreds of organizations across Europe and across the world.
Since we discovered the attack, our team has been quite busy. In addition to discovering a kill switch that stops NotPetya in it’s tracks we’ve also:
NotPetya encrypts files only after the machine is rebooted - unlike most ransomware that encrypts files as soon as it executes. NotPetya spreads throughout the network, extracts admin credentials, and schedules a task to reboot the machine. As soon as a victim reboots their machine, NotPetya overwrites the Master Boot Record (MBR) with a malicious payload that encrypts the full disk.
Cybereason collects and analyzes behavioral data to identify if and when malicious activity occurs in an environment. In the case of NotPetya and other MBR-based ransomware, the solution detects malicious activity that attempts to affect the MBR. If a protected machine is infected with NotPetya, Cybereason will detect the activity and block NotPetya from encrypting any data. An infected machine will still be rebooted, but Cybereason will restore the original MBR to annihilate NotPetya’s ability to succeed.
Download RansomFree for free ransomware protection.
Lital is a Marketing Team Leader, Storyteller, Technology Marketing Expert. She joined Cybereason as the first marketing hire and built a full marketing department. Specializing in brand building, product marketing, communication and content. Passionate about building ROI-driven marketing teams.
Cybereason discovered an undocumented RAT dubbed StrifeWater attributed to Iranian APT Moses Staff who deploy destructive ransomware following network infiltration and the exfiltration of sensitive data...
Cybereason discovered a new toolset developed by Iranian APT Phosphorus which revealed a connection to Memento ransomware and includes the newly discovered PowerLess Backdoor that evades detection by running PowerShell in a .NET context...
