June 2017 Petya Ransomware Virus Hits Ukraine

  • Thread starter jedishrfu
In summary: March is when the patch was released, but running the default Windows firewall prevents a system from being compromised over the network, whether it's patched or not.
  • #1
This new virus used multiple means of attack to infect machines on a network. The initial attack came from a legitimate software updater program:

Microsoft on Tuesday confirmed some initial infections in the Petya ransomware attacks occurred via Ukraine-based tax accounting software firm M.E.Doc, which develops MEDoc.

The finding solves part of the mystery surrounding yesterday's huge ransomware outbreak that hit industry giants like shipping firm Maersk, but took a particularly heavy toll on organizations in the Ukraine, including banks, energy companies and even Kiev's main airport.

Security researchers speculated a corrupted MEDoc updater was the initial infection vector. However, Microsoft now says it has solid evidence that at least some infections were due to a software supply-chain attack that started with a legitimate MEDoc updater process.
...

http://www.zdnet.com/article/micros...tacks-were-spread-by-hacked-software-updater/
 
  • #2
People are speechless in the face of this viral onslaught.
 
  • #3
jedishrfu said:
People are speechless in the face of this viral onslaught.
I just shake my head that there are still systems out there that either don't get patched, or don't run host firewalls to block the spread of this stuff. Microsoft started blocking this kind of attack out of the box with Windows XP SP2 in 2004.
 
  • #4
stoomart said:
I just shake my head that there are still systems out there that either don't get patched, or don't run host firewalls to block the spread of this stuff. Microsoft started blocking this kind of attack out of the box with Windows XP SP2 in 2004.
I'm confused. Wikipedia article says:
The EternalBlue exploit had been previously identified, and Microsoft issued patches in March 2017 to shut down the exploit for the latest versions of Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016
Doesn't this imply that their OSs did not block this kind of attack until March of this year?
 
  • #5
Bandersnatch said:
I'm confused. Wikipedia article says:

Doesn't this imply that their OSs did not block this kind of attack until March of this year?
March is when the patch was released, but running the default Windows firewall prevents a system from being compromised over the network, whether it's patched or not. You have to disable or misconfigure the firewall for the malware to spread around your network.
 
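One way to check, on a given Windows host, the condition post #5 describes (firewall enabled and inbound SMB not allowed through it). This is an added example, not part of the thread; the function names `Test-PortCovered` and `Get-SmbInboundExposure` are hypothetical, and it assumes an elevated session on Windows 8 / Server 2012 or later, where the NetSecurity cmdlets exist.

```powershell
# Added example (not from the thread). Reports firewall profiles that are off or
# default-allow, and enabled inbound Allow rules that cover TCP 445 (SMB).

# Hypothetical helper: does a LocalPort spec ('Any', '445', '135-500') cover $Port?
function Test-PortCovered([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

function Get-SmbInboundExposure {
    # Effective settings for the Domain, Private and Public profiles.
    $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore

    # A profile is weak if the firewall is off or inbound traffic defaults to Allow.
    $weak = @($profiles | Where-Object {
        $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow'
    })

    # Enabled inbound Allow rules whose port filter covers TCP 445.
    $smbRules = @(Get-NetFirewallRule -PolicyStore ActiveStore |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
                       $_.Action -eq 'Allow' } |
        ForEach-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            $isTcp = $pf.Protocol -in @('TCP', '6', 'Any')
            if ($isTcp -and (Test-PortCovered $pf.LocalPort 445)) {
                [pscustomobject]@{
                    Rule      = $_.DisplayName
                    Profile   = $_.Profile
                    LocalPort = ($pf.LocalPort -join ',')
                }
            }
        })

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        WeakProfiles  = @($weak | ForEach-Object { $_.Name })
        SmbAllowRules = $smbRules
        SmbReachable  = ($weak.Count -gt 0 -or $smbRules.Count -gt 0)
    }
}

Get-SmbInboundExposure | Format-List
```

A rule listed under `SmbAllowRules` only matters while one of the profiles in its `Profile` column is the active one for the network the host is connected to.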

1. What is the Petya ransomware virus?

The Petya ransomware virus is a type of malicious software that infects computers and encrypts their files, making them inaccessible to the user. This virus first appeared in 2016 and has since evolved into various versions, including the June 2017 attack on Ukraine.

2. How did the June 2017 Petya ransomware virus specifically target Ukraine?

The June 2017 Petya ransomware virus targeted Ukraine through a software update of a popular Ukrainian accounting software called MEDoc. The virus was disguised as a legitimate update and was able to spread quickly through the software's network, infecting many computers in Ukraine.

3. Was the June 2017 Petya ransomware virus a targeted attack?

There is evidence to suggest that the June 2017 Petya ransomware virus was a targeted attack on Ukraine, as it mainly affected organizations and businesses in the country. However, it also spread to other countries, causing widespread damage.

4. How does the Petya ransomware virus encrypt files?

The Petya ransomware virus exhibits "worm-like" behavior: it spreads from computer to computer through a network. Once it infects a computer, it encrypts the files on the hard drive and demands a ransom payment in exchange for a decryption key.

5. How can individuals and organizations protect themselves against the Petya ransomware virus?

To protect against the Petya ransomware virus, it is essential to regularly update software and operating systems, use strong and unique passwords, and back up important files regularly. It is also crucial to be cautious when opening emails and attachments from unknown senders and to have reliable antivirus software installed on all devices.
