New Ransomware Outbreak

  • Brandon Maxwell
  • June 28, 2017

A new ransomware outbreak that began on Tuesday, June 27, 2017 has hit at least 65 countries. The ransomware was first identified as a variant of the Petya ransomware; however, some researchers, such as Kaspersky Labs, claim this is a new ransomware that has not been seen before.

The initial infection appears to have originated in the update process for a Ukrainian-based tax accounting software. Besides exploiting the SMB vulnerabilities used in WannaCry, which were patched in the security update MS17-010, the ransomware variant attempts to steal administrative credentials using a tool similar to Mimikatz. With stolen credentials, the ransomware can spread via PsExec or WMIC even to hosts that are patched.
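Because the credential-based spread works against patched hosts, patch status alone does not reveal it; one account launching PsExec or WMIC remote execution against many hosts in a short time does. The sketch below is an added example, not part of the original post: it flags that fan-out in process-creation records. The record layout, host and account names, and the window and threshold values are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation records: (time, source host, account, command line).
SAMPLE_EVENTS = [
    ("2017-06-27T10:00:05", "WS-01", r"CORP\admin1", r'wmic.exe /node:"10.0.0.11" process call create "placeholder.exe"'),
    ("2017-06-27T10:00:40", "WS-01", r"CORP\admin1", r"psexec.exe \\10.0.0.12 placeholder.exe"),
    ("2017-06-27T10:01:30", "WS-01", r"CORP\admin1", r'wmic.exe /node:"10.0.0.13" process call create "placeholder.exe"'),
    ("2017-06-27T10:02:00", "WS-02", r"CORP\helpdesk", r"psexec.exe \\FS-02 placeholder.exe"),
    ("2017-06-27T10:03:00", "WS-03", r"CORP\user7", "wmic os get caption"),
]

# Remote-execution forms of the two tools; each pattern captures the target host.
REMOTE_EXEC = [
    ("wmic", re.compile(r'\bwmic(?:\.exe)?\b.*?/node:\s*"?([^"\s]+)"?.*\bprocess\s+call\s+create\b', re.I)),
    ("psexec", re.compile(r'\bpsexec(?:64)?(?:\.exe)?\b.*?\\\\([^\s\\]+)', re.I)),
]

def remote_exec_target(cmdline):
    """Return (tool, target) if the command line is remote execution, else None."""
    for tool, rx in REMOTE_EXEC:
        m = rx.search(cmdline)
        if m:
            return tool, m.group(1).lower()
    return None

def find_fanout(events, window=timedelta(minutes=5), threshold=3):
    """Map (source host, account) to its targets when that account reached
    at least `threshold` distinct hosts by PsExec/WMIC within `window`."""
    hits = defaultdict(list)
    for ts, host, account, cmdline in events:
        found = remote_exec_target(cmdline)
        if found:
            hits[(host, account.lower())].append((datetime.fromisoformat(ts), found[1]))
    alerts = {}
    for key, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            targets = {t for when, t in seen[i:] if when - start <= window}
            if len(targets) >= threshold:
                alerts[key] = sorted(targets)
                break
    return alerts

if __name__ == "__main__":
    print(find_fanout(SAMPLE_EVENTS))
```

Legitimate administration tools also fan out this way, so the window and threshold need tuning against known management hosts before alerting on the result.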

Datica’s systems remain unaffected by this ransomware outbreak. We detailed our security status in our WannaCry blog post in May, which noted that our systems were patched with MS17-010 in a timely manner, in March 2017. Datica also requires isolation between customer environments, enforced password rotation, and regular anti-virus updates/scans.