Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated throughout the day.
Since the SamSam attacks that targeted US healthcare entities in March 2016, Talos has been concerned about the proliferation of ransomware via unpatched network vulnerabilities. In May 2017, WannaCry ransomware took advantage of a vulnerability in SMBv1 and spread like wildfire across the Internet.
Today a new malware variant has surfaced. Our current research leads us to believe that the sample leverages EternalBlue and WMI for lateral movement inside an affected network. This behavior is unlike WannaCry, as there does not appear to be an external scanning component. Additionally, there may also be a psexec vector that is also used to spread internally.
The identification of the initial vector has proven more challenging. Early reports of an email vector can not be confirmed. Based on observed in-the-wild behaviors, the lack of a known, viable external spreading mechanism and other research we believe it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc. Talos continues to research the initial vector of this malware.
Read more »
Tags:
Cisco Systems Inc. published this content on 27 June 2017 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 27 June 2017 18:19:07 UTC.
Original documenthttps://blogs.cisco.com/security/talos/worldwide-ransomware-variant
Public permalinkhttp://www.publicnow.com/view/78D10DAFFDE14BC20CE4E64DEB91676050F7C1F0
Cisco Systems, Inc. is the world leader in designing, developing, and marketing Internet network equipment. Net sales break down by family of products and services as follows:
- network equipment (68.9%); switches and routers, technological software and systems (storage, Internet access, and security systems, wiring, gateways, connection interfaces and modules, etc.), etc.;
- services (24.3%): technical assistance, network design, execution, and integration services, etc.;
- security products (6.8%).
Net sales are distributed geographically as follows: Americas (58.7%), Europe/Middle East/Africa (26.6%) and Asia/Pacific (14.7%).
CISCO SYSTEMS, INC. 
