EternalPetya – yet another stolen piece in the package?

Since June 27th we have been investigating the outbreak of the new Petya-like malware armed with an infector similar to WannaCry. Since day one, various contradicting theories started popping up. Some believed that this malware is a rip-off of the original Petya, while others think that it is another step in Petya’s evolution. However, those were just different opinions and … [Read more…]

EternalPetya and the lost Salsa20 key

We have recently been facing a huge outbreak of the new version of Petya-like malware armed with an infector in WannaCry-style. The research is still in progress, and the full report will be published soon. In this post we will focus on some new important aspects that the current malware has. The low level attack works in … [Read more…]

ExPetr/Petya/NotPetya is a Wiper, Not Ransomware

After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made. This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was … [Read more…]

Solution Corner: Malwarebytes Endpoint Protection

We’ve been busy here at Malwarebytes with several product announcements recently. Malwarebytes Incident Response was released in late April, providing threat detection and remediation via our new cloud-based platform. Right on its heels, leveraging the same platform is Malwarebytes Endpoint Protection, our latest endpoint security solution for business. This latest release unifies a number of … [Read more…]

Adware the series, part 6

In this series of posts, we will be using the flowchart below to follow the process of determining which adware we are dealing with. Our objective is to give you an idea of how many different types of adware are around for Windows systems. Though most are classified as PUPs, you will also see the occasional Trojan or rootkit, especially for the … [Read more…]

Schroedinger’s Pet(ya)

Earlier today (June 27th), we received reports about a new wave of ransomware attacks spreading around the world, primarily targeting businesses in Ukraine, Russia and Western Europe. If you were one of the unfortunate victims, this screen might look familiar: Kaspersky Lab solutions successfully stop the attack through the System Watcher component. This technology protects … [Read more…]

Neutrino modification for POS-terminals

From time to time authors of effective and long-lived Trojans and viruses create new modifications and forks of them, like any other software authors. One of the brightest examples amongst them is Zeus (Trojan-Spy.Win32.Zbot, based on classification of “Kaspersky Lab”), which continues to spawn new modifications of itself each year. In a strange way this … [Read more…]

Petya-esque ransomware is spreading across the world

Ringing with echoes of WannaCry, a new strain of ransomware called Petya (or Petrwrap, or NotPetya) is impacting users around the world, shutting down firms in Ukraine, Britain, and Spain. Background: Petya, created in July 2016, started off as one of the next-generation ransomware strains that utilizes an MBR (Master Boot Record) locker. In the early days … [Read more…]

The smart, alert, strong, kind, and brave way to internet awesome


Mom and Dad, do you know when to start talking to your kids about internet safety? Google’s new Be Internet Awesome program might just be the perfect topic to start off that conversation. Launched this National Internet Safety Month, Be Internet Awesome aims to teach kids to explore the internet safely, smartly, and confidently. This … [Read more…]

KSN Report: Ransomware in 2016-2017

This report has been prepared using depersonalized data processed by Kaspersky Security Network (KSN). The metrics are based on the number of distinct users of Kaspersky Lab products with the KSN feature enabled, who encountered ransomware at least once in a given period, as well as research into the ransomware threat landscape by Kaspersky Lab … [Read more…]