"The current wave of infection is very likely targeted at companies," explains Tim Berghoff, G DATA Security Evangelist. "According to what we know right now, a compromised update for an accounting software which is widely used in Eastern Europe is responsible for spreading the Petna ransomware. This means that it has hit a number of major companies that either operate in or have business relations with the region."
G DATA publishes the latest results of the Petna ransomware infection wave
An encryption Trojan is specifically targeting businesses and once again exploiting vulnerabilities with tools developed by the US intelligence agency NSA.
Criminals once again using NSA tools
WannaCry had already confirmed fears that criminals would use tools from the arsenal of a secret service for criminal purposes. The "Eternalblue" exploit is part of a collection of tools developed by the NSA and was leaked to the public in April by the hacking group "Shadow Brokers". "Eternalblue" exploits vulnerabilities in the Server Message Block (SMB) protocol implementation of the Windows operating systems, which Microsoft had already closed in March 2017.
The G DATA security experts' analysis is ongoing, and the latest results are posted continuously on the G DATA Security Blog.