To cry for: Ransomware attack brings companies to their knees

Petya ransomware is currently bringing tears to the eyes of Swiss companies. After WannaCry a few weeks ago, cybercriminals have again attacked Swiss companies with ransomware. Swisscom Cybersecurity experts explain what's going on.

Ann-Kristin Koch

Ransomware – the latest attack

  • The current attack uses a virus that is based in part on the so-called Petya malware. It steals users' login credentials and spreads automatically through the network (psexec/wmic), so it also attacks patched systems. Once the virus has infected a system, it modifies the boot program that the BIOS loads at start-up, known as the master boot record (MBR), and encrypts the master file table.
  • The virus spreads in many ways. It exploits software vulnerabilities, spreads via compromised websites, and sneaks into systems in e-mails with Word or Excel attachments. The extortionists demand $300 in Bitcoin. The sender is an e-mail address hosted by the German provider Posteo. In the meantime, this account has been blocked.
  • According to security experts from Kaspersky, there were some 2000 attacks. Swisscom itself is not affected. MELANI has received the first reports from affected Swiss companies.

Swisscom’s recommendation

The risk of the malware spreading over the network is low when systems are fully up to date. Computers that have installed updates according to Swisscom's recommendations are protected against exploitation of this vulnerability. The malware was analysed and its communication channels were blocked in the Swisscom network. The anti-virus solutions used by Swisscom recognise the previously known Trojan files and delete them automatically.

The biggest threat comes from users who handle their e-mail with global administrator privileges, as the Trojan might use those privileges to infect other computers on the same network.
