Microsoft publishes in-depth analysis of latest ransomware

Jul 1, 2017 06:16 GMT

Microsoft has revealed that the impact of the latest ransomware infection, called Petya, was substantially smaller than that of WannaCry, which infected hundreds of thousands of computers across the world.

In an in-depth analysis of Petya, Microsoft says that the attack started in Ukraine, with more than 70 percent of the infected systems located in that country.

More importantly, Petya, which is based on the same SMB vulnerability as WannaCry but received worm-like capabilities, could not compromise Windows 10 systems, with Microsoft telemetry data revealing that most of the victims were Windows 7 PCs.

Even so, the scale of the attack was dramatically smaller this time, and Microsoft says that only some 20,000 devices were infected.

Compared to WannaCry, however, Petya claimed more high-profile victims, with the attack primarily aimed at organizations and businesses in Ukraine and the rest of Europe. The infection also reached the United States, but reports in this regard were rather isolated.

Always-improving ransomware

Microsoft says that while Petya wasn’t as successful as its predecessor, it reflects a worrying trend: each new ransomware improves on the last, as infections gain new capabilities that can get around more advanced security technology.

“The new Petya ransomware variant we saw this week is significantly more complex than the original. It also improved on WannaCrypt’s spreading mechanisms by using a second exploit and adding more propagation methods. These lateral movement capabilities make this ransomware a higher risk for networks with an infected machine. Furthermore, the boot sector modification behavior [...] gives this ransomware more potential to cause damage to machines,” Microsoft says.

To remain protected against Petya and new forms of ransomware, users are advised to upgrade to Windows 10 and to run the latest patches with the most recent virus definitions for Windows Defender.

Microsoft patched the SMB vulnerability exploited by WannaCry and Petya in March, so it’s critical for users to keep their systems fully up to date to make sure that their devices are not vulnerable to attacks.