In Ukraine, 12,500 computers were infected during a massive cyber-attack. Initial infection appears to involve a software supply-chain threat involving the Ukrainian company M.E.Doc, which develops the tax accounting software MEDoc. This information was published on Microsoft's blog.
The new ransomware has worm capabilities, which allow it to move laterally across infected networks. Based on our investigation, this new ransomware shares similar codes and is a new variant of Ransom:Win32/Petya. This new strain of ransomware, however, is more sophisticated.
Microsoft now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process, according to the company's specialists.
Infections have been reported in another 64 countries besides Ukraine, including Belgium, Brazil, Germany, Russia, and the United States.
Microsoft released cloud-delivered protection updates and made updates to our signature definition packages shortly after. These updates were automatically delivered to all Microsoft free antimalware products, including Windows Defender Antivirus and Microsoft Security Essentials. You can download the latest version of these files manually at the Malware Protection Center.
Earlier it was reported that NATO specialists will help Ukraine recover from the cyber attack, according to Stoltenberg. The alliance is now working on strengthening cyber defense.
The attacks began at about 11.30 a.m. on Tuesday. The provider disabled the websites of the National Police and the Ministry of Internal Affairs because of the cyber attack. The virus spread very quickly. It affected computers running Windows, restarting and encrypting them.