Positive Technologies experts are still analyzing the malware sample and gathering additional data, in particular on the mechanism of its intrusion into a network. Even at this point, however, it is clearly not just a new version of WannaCry. This ransomware combines several hacking techniques, including standard system administration utilities and tools for obtaining operating system passwords. This lets the malware spread quickly within a network and causes a large-scale epidemic if at least one computer is infected. As a result, the computer is put out of operation and its data are encrypted.
According to preliminary data, we can confirm that this malware is slightly similar to Petya, ransomware known since 2016 that also caused PCs to crash.
As for the current situation, the problem is once again negligence in information security. In short, the affected organizations did not learn the lessons of WannaCry. First of all, updates are not installed in time. According to Positive Technologies, 20% of systems have critical vulnerabilities associated with the lack of security updates. The average age of the most obsolete updates is 9 years, and the oldest discovered vulnerability was published more than 17 years ago.
The general level of staff awareness of information security is low. There are still cases where employees download attachments or follow links received from untrusted sources.
Another problem is that information systems are often configured incorrectly in terms of architecture.
This threat is harder to defend against than WannaCry because it also spreads using stolen legitimate credentials. To counter it, we recommend that organizations install security updates on time, implement information security monitoring, and perform regular security audits.