Forcepoint Security Labs is aware of a new variant of the Petya ransomware that impacts organizations worldwide. Reports are coming in from organizations in the UK, Ukraine, Netherlands, Spain, the United States and other markets. We have identified the ransomware as being able to spread laterally within an organization via a vulnerability in the SMBv1 protocol.
The attacks are linked through the use of a common bitcoin wallet and below is a screenshot of the ransomware message displayed on infected systems.
While we're still learning more about this new variant of the Petya ransomware, we advise everyone as a first step to refamiliarize yourself with advice given during the Wannacry outbreak (links below). We're actively investigating this outbreak and will share more information soon.