On June 27, a new ransomware outbreak called Petya has been rapidly propagating across computer networks globally. The Petya-like ransomware exploits the same SMB vulnerability as WannaCry which ravaged systems globally back in May 2017.
Rest assured that CylancePROTECT® customers are fully protected from this threat, and have been since October 14, 2015 with our 1310 model release.
Mimicking WannaCry in its propagation, this malware exhibits the same worm-like capabilities (Windows SMBv1 sharing) to spread itself remotely with no user interaction needed. In addition, it also leverages password dumping capabilities to gather credentials, PsExec to remotely run WMIC to exploit the inherent trust inside of corporate networks to spread laterally within those environments. Read More