A new Ramsomware virus attack is underway, of the same type as the famous WannaCry that infected more than 200,000 computers and 150 countries last month. It already affected Romania, Russia, Spain, India, the United Kingdom and the United States through the drug Merk.
The virus is a variant of the already known Petya and differs from others of its type because it is not limited to encrypting the files of the victim one by one, but is housed in the Main Table of Files (MFT by its abbreviations in English) ) And rewrites the master boot record (MBR) making it impossible to restart the computer. Users report that even security patches can be compromised.
Apparently exploits vulnerabilities already announced but unresolved Windows operating systems, at the time of the attack, the victim receives a message, very similar to WannaCry, stating that their files have been hijacked and must transfer the amount of 300 US $ In bitcoins in return to return, via email, a key that frees the encryption.
So far, Russian oil company Rosineft, Ukrainian Kyivenergo and Ukrenergo power companies, mining company Evraz, Boryspil airport, and telecoms companies Kyivstar, LifeCell, Ukrtelecom, and Oschadbank and NBU banks in that country are reported to be infected. Pharmaceuticals Merk and Mondelez International, both from the United States, announced that their teams had also been victims. In addition to the company A.P. Moller - Maersk based in Copenhagen and the German subway system. The WPP advertising company in the United Kingdom and the Spanish chapter of the law firm DLA Piper. Between at least 100 companies worldwide.
By the time of writing this note, the kidnappers had received the payment of 29 people, for the equivalent of just over 3 BTC.
For now, the main thing is to stay calm and protect yourself with basic measures, valid for any ramsomware:
Always suspect unwanted or requested files via email
Never click on links within emails that the source does not know
Keep a backup routine of valuable files on an external device that is not always connected to your machine
Keep a good antivirus updated
Surf the internet safely and sensibly
IF YOU HAVE BEEN A VICTIM OF THE ATTACK:
Isolate infected devices from the network as soon as possible
Before the hijacking process is completed, the machine will reboot and a message will appear stating that the disks are being "repaired", turn off or turn off the computers before the scan is complete.
Restore backups, make sure you have installed the recommended Microsoft patch for this specific virus, and wait for confirmation that it is safe before you reconnect the system to the network