Skip to main content

New WannaCry-like ransomware attack is in the wild, affecting PCs globally

The WannaCry ransomware attack became a worldwide problem a few weeks ago, with more than 700,000 machines infected and numerous organizations held hostage. One of the most important lessons to derive from the attack’s severity and its widespread impact was that it involved a vulnerability that was already patched in current versions of Windows.

That means that anyone running a fully updated, current version of Windows was protected against this particular attack. And now, the same vulnerability is being reported at the center of a new global ransomware attack, security specialist Graham Cluley reports.

Recommended Videos

The newest attack appears to be based on the Petya or Petrwap malware that is based on the same Eternal Blue exploit that was created by the National Security Agency (NSA) and that was involved with WannaCry. That exploit was patched by Microsoft in March on systems dating from Windows XP and later, even though older versions like XP and Windows Vista are no longer supported even for security patches.

Symantec analysts have confirmed #Petya #ransomware, like #WannaCry, is using #EternalBlue exploit to spread

— Threat Intelligence (@threatintel) June 27, 2017

That means that anyone who is infected by the newest attack is running either a very old and unpatched version of Windows or a newer version that is not been updated with the latest security patches. Apparently, according to Reuters and other news outlets, this includes a variety of organization including a bank and a shipping company, among others.

The text that the new ransomware displays outlines the nature of the attack quite clearly:

“Ooops, your important files are encrypted.

If you see this text, then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.

We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment and purchase the decryption key.”

As Ukraine’s Deputy Prime Minister Pavlo Rozenko tweeted, the attack begins with a thorough encryption process that comes across as oddly considerate of a user “inadvertently” losing data by shutting off the affected PC:

Та-дам! Секретаріат КМУ по ходу теж "обвалили". Мережа лежить. pic.twitter.com/B74jMsT0qs

— Rozenko Pavlo (@RozenkoPavlo) June 27, 2017

According to Ars Technica, there are even unconfirmed reports that fully patched machines are suffering from the attack. If true, then that would make it different from WannaCry in terms of who is affected. However, the payment is a similar $300 in Bitcoin, and the new attack also goes a step further in also stealing credentials that are stored on the affected machine.

There are still many uncertainties around this latest attack, but a few things remain certain. First, you should have a good backup system in place, including maintaining an offline backup of your important files that can’t be touched by malware such as this. Second, you should ensure that all of your machines are running supported operating systems that are fully up to date on all security patches.

While this new ransomware might end up being something completely new and it might affect fully patched systems, those two steps remain important advice to follow.

Mark Coppock
Mark Coppock is a Freelance Writer at Digital Trends covering primarily laptop and other computing technologies. He has…
No, a lifetime VPN subscription doesn’t mean ‘your’ lifetime
iPhone with VPN service enabled in hand over a blurred background

Folks who signed up for al lifetime subscription with VPN provider VPNSecure have been discovering the true definition of “lifetime” when it comes to such deals. And it’s not the one they'd hoped to hear.

After new owners took over the company, these particular customers recently had their lifetime subscriptions canceled. The new operator of VPNSecure told them that it didn’t know about the lifetime deals when they acquired the business, adding that it was unable to honor them.

Read more
SanDisk’s latest drive sets new benchmark for consumer NVMe SSDs
The SanDisk WD Black SN8100 PCIe Gen 5 SSD with and without heatsink variants

SanDisk has officially introduced the WD Black SN8100, its latest high-end PCIe Gen 5 NVMe SSD targeting PC enthusiasts, gamers, and professional users. With sequential read speeds of up to 14,900 MB/s and write speeds of 14,000 MB/s, the drive sets a new bar for consumer SSD performance, surpassing some of the best NVMe SSDs currently on the market, including the Crucial T705. 

The SN8100 uses a standard M.2 2280 form factor and is available in capacities of 1TB, 2TB, 4TB, and 8TB. It’s worth noting that the 1TB model offers lower write speeds, up to 11,000 MB/s, compared to the higher-capacity versions, which reach up to 14,000 MB/s. 

Read more
Pairing the RTX 5090 with a CPU from 2006? Nvidia said ‘hold my beer’
RTX 5090.

Nvidia's best graphics cards are often paired with expensive CPUs, but what if you want to try a completely mismatched, retro configuration? Well, that used to be impossible due to driver issues. But, for whatever reason, Nvidia has just removed the instruction that prevented you from doing so, opening the door to some fun, albeit nonsensical, CPU and GPU combinations.

The instruction in question is called POPCNT (Population Count), and this is a CPU instruction that also prevents Windows 11 from being installed on older hardware. Its job is counting how many bits are present in a binary number. However, as spotted by TheBobPony on X (Twitter), POPCNT will not be a problem for Nvidia's latest graphics cards anymore.

Read more