These Large Companies, Still Using Unpatched or Bootleg Windows, Got Hit by Petya Ransomware Attack

Even after all the WannaCry hoopla in May. US companies too! The Petya ransomware attack infected over 2,000 computer systems across the world as of midday today, according to Kaspersky Lab, cited by Reuters. Russia and Ukraine were most affected. Other victims were in Britain, France, Germany, Italy, Poland, and the US. When China starts up its computers, it will suffer the consequences for not staying in bed.
The malware includes code known as ‘Eternal Blue,’ which was also used in the WannaCry attack in May. Experts believe the code was purloined from NSA. The ransomware encrypts hard drives of infected machines and then demands $300 in bitcoin in order for the user to regain access. Petya takes advantage of the same vulnerability in Windows as WannaCry.
But Microsoft released a patch to fix this vulnerability on March 14. Patched computers were not affected by WannaCry, and are not affected today. The Windows Malicious Software Removal Tool detects and removes the malware automatically during the updating process. But that update isn’t available for bootleg copies of Windows – hence China’s disproportionate problems with the attack in May.

This post was published at Wolf Street on Jun 27, 2017.