There are a few interesting things to say about the current ransomware, Petya. One thing is clear: there is no “kill-switch”. After some preliminary tracking of the domains that presumably deliver the payload for its RTF (Windows document exploit) delivery system, and cross-referencing them against passive intelligence about the domain names, we noticed a frequency of 2 million hits within an hour. The domains we tracked are not currently serving the payload and are down.
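The tracking described above combines two signals: how often a domain is being requested per hour, and what passive intelligence says about it (when it was first seen, whether it is still serving). The script below is an added example of that cross-referencing logic, not Kryptos Logic's own tooling; the resolver log lines, the domain names (all under the reserved `.example` TLD) and the passive-intelligence table are constructed for illustration, and the thresholds are placeholders a defender would tune to their own traffic.

```python
"""Hourly hit-rate aggregation for suspected payload-delivery domains.

Added example, not the blog's or Kryptos Logic's own code. All log lines,
domain names and the passive-intelligence table are constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed resolver log lines: "<ISO timestamp> <client IP> <queried domain>"
SAMPLE_LOG = """\
2017-06-27T10:00:05Z 10.0.0.4 payload-a.example
2017-06-27T10:12:41Z 10.0.0.9 payload-a.example
2017-06-27T10:30:02Z 10.0.0.4 updates.vendor.example
2017-06-27T10:45:13Z 10.0.0.7 payload-a.example
2017-06-27T11:02:59Z 10.0.0.4 payload-a.example
2017-06-27T11:03:10Z 10.0.0.2 payload-b.example
2017-06-27T11:20:00Z 10.0.0.7 updates.vendor.example
"""

# Constructed passive-intelligence records (hypothetical values), keyed by domain:
# when the domain was first observed and whether it is currently serving content.
PASSIVE_INTEL = {
    "payload-a.example": {"first_seen": "2017-06-26", "serving": False},
    "payload-b.example": {"first_seen": "2017-06-27", "serving": False},
    "updates.vendor.example": {"first_seen": "2012-03-01", "serving": True},
}


def parse_line(line):
    """Split one log line into (timestamp, client, normalised domain)."""
    ts, client, domain = line.split()
    return (datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            client,
            domain.lower().rstrip("."))


def hits_per_hour(log_text):
    """Count queries per (domain, hour bucket); bucket keys look like '2017-06-27T10'."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, _client, domain = parse_line(line)
        counts[(domain, ts.strftime("%Y-%m-%dT%H"))] += 1
    return dict(counts)


def peak_hourly_rate(counts):
    """Highest number of hits any single hour saw, per domain."""
    peak = {}
    for (domain, _bucket), n in counts.items():
        peak[domain] = max(peak.get(domain, 0), n)
    return peak


def flag_domains(log_text, intel, observed_on, threshold=3, max_age_days=7):
    """Flag domains whose peak hourly rate meets `threshold` and which passive
    intel shows as recently first-seen (or not known at all).

    Long-established domains are dropped even when busy, since a spike on a
    years-old domain is usually legitimate traffic, not fresh payload delivery.
    """
    observed = datetime.strptime(observed_on, "%Y-%m-%d")
    flagged = []
    for domain, peak in peak_hourly_rate(hits_per_hour(log_text)).items():
        if peak < threshold:
            continue
        record = intel.get(domain)
        if record is None:
            age_days = None  # no passive intel at all: nobody can vouch for it
        else:
            first_seen = datetime.strptime(record["first_seen"], "%Y-%m-%d")
            age_days = (observed - first_seen).days
        if age_days is not None and age_days > max_age_days:
            continue
        flagged.append({
            "domain": domain,
            "peak_hourly_hits": peak,
            "first_seen": record["first_seen"] if record else None,
            "serving": record["serving"] if record else None,
        })
    return sorted(flagged, key=lambda r: -r["peak_hourly_hits"])


if __name__ == "__main__":
    for r in flag_domains(SAMPLE_LOG, PASSIVE_INTEL, "2017-06-27"):
        print(r)
```

With the constructed data only `payload-a.example` is flagged at the default threshold: it peaks at three hits in one hour and was first seen the day before, while the years-old vendor domain is ignored despite appearing in the same logs. The `serving` field carries the second point the post makes, that a flagged domain may already be down by the time it is examined.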