SIEM Use Case for Petya Ransomware detection

London, UK – June 27, 2017 – We created a SIEM use case that detects the new version of the infamous Petya ransomware. The Petya A / PetrWrap Ransomware detector for ArcSight, QRadar and Splunk is available free of charge to all organizations after registration in the S.M.A. Cloud. We are currently working on finding new indicators of compromise (IoCs) and adding them to the use cases.

The virus spreads quickly, and researchers around the world are sharing the information they find. It is necessary to stop the spread of this threat as soon as possible. The attack began today in Ukraine, where government bodies, energy companies and banks were affected. Soon organizations all over the world began to report that the virus was spreading. This ransomware encrypts not just individual files but the master file table, modifies the MBR and creates a scheduled job that restarts the infected machine in 1 hour, while in the meantime moving laterally to infect other Windows machines. The attackers demand a payment of $300 in cryptocurrency for file decryption.
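The restart job described above is the kind of behaviour a SIEM use case can key on: a scheduled task whose action is a reboot, due within roughly an hour of its creation. The following Python script is an added illustration of that detection logic and is not the SOC Prime use case or any of the vendor rule content. It assumes a simplified, tab-separated process-creation log (timestamp, host, parent image, command line) and assumes the task is created with `schtasks /Create ... /TR "<command>" /ST HH:MM`; both the log lines and that command-line shape are constructed for the example, not indicators taken from the post. The 90-minute threshold is likewise an assumed tuning value.

```python
"""Flag scheduled tasks whose action is a reboot due shortly after creation.

Added example (not the SIEM use case from the post). Log format, field
layout and the schtasks command-line pattern are assumptions.
"""
import re
from datetime import datetime, timedelta

# Constructed sample events, not real telemetry. Fields are tab-separated:
# timestamp, host, parent image, command line.
SAMPLE_EVENTS = """\
2017-06-27T10:02:11\tWS-017\tC:\\Windows\\explorer.exe\tnotepad.exe report.txt
2017-06-27T10:03:05\tWS-017\tC:\\Windows\\System32\\rundll32.exe\tschtasks /Create /SC once /TN "" /TR "C:\\Windows\\system32\\shutdown.exe /r /f" /ST 11:03
2017-06-27T10:15:00\tWS-022\tC:\\Windows\\explorer.exe\tschtasks /Create /SC daily /TN Backup /TR "C:\\Tools\\backup.exe" /ST 23:00
2017-06-27T10:20:00\tWS-031\tC:\\Windows\\explorer.exe\tschtasks /Create /SC once /TN Maint /TR "shutdown /r /t 0" /ST 18:00
"""

SCHTASKS_CREATE_RE = re.compile(r"\bschtasks\b.*?/create", re.IGNORECASE)
TR_RE = re.compile(r'/TR\s+"([^"]*)"', re.IGNORECASE)          # task action
ST_RE = re.compile(r"/ST\s+(\d{1,2}):(\d{2})", re.IGNORECASE)   # start time
REBOOT_RE = re.compile(r"\bshutdown(\.exe)?\b.*\s/r\b", re.IGNORECASE)


def parse_event(line):
    """Split one constructed log line into its four fields."""
    ts, host, parent, cmd = line.rstrip("\n").split("\t", 3)
    return {"time": datetime.fromisoformat(ts), "host": host,
            "parent": parent, "cmd": cmd}


def scheduled_restart_delay(event):
    """Return the time between task creation and its first run if the command
    creates a task whose action is a reboot; otherwise return None."""
    cmd = event["cmd"]
    if not SCHTASKS_CREATE_RE.search(cmd):
        return None
    action = TR_RE.search(cmd)
    if not action or not REBOOT_RE.search(action.group(1)):
        return None
    start = ST_RE.search(cmd)
    if not start:
        return None
    run_at = event["time"].replace(hour=int(start.group(1)),
                                   minute=int(start.group(2)), second=0)
    if run_at < event["time"]:          # /ST before "now" means the next day
        run_at += timedelta(days=1)
    return run_at - event["time"]


def detect(log_text, max_delay_minutes=90):
    """Alert on reboot tasks due within max_delay_minutes of being created.
    A reboot hours away (routine maintenance) stays below the threshold."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        delay = scheduled_restart_delay(event)
        if delay is None:
            continue
        minutes = round(delay.total_seconds() / 60)
        if minutes <= max_delay_minutes:
            alerts.append({"host": event["host"],
                           "time": event["time"].isoformat(),
                           "parent": event["parent"],
                           "delay_minutes": minutes})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print("ALERT scheduled reboot", alert)
```

Run over the constructed sample, only the WS-017 event fires (a reboot due about 60 minutes after a task created from an unusual parent), while the daily backup task and the maintenance reboot scheduled hours ahead do not. In a real deployment the parent image and the short delay are the fields worth correlating with other activity on the same host.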

Stay tuned.

Use case for ArcSight: https://ucl.socprime.com/use-case-library/info/418/
Use case for QRadar: https://ucl.socprime.com/use-case-library/info/419/
Use case for Splunk: https://ucl.socprime.com/use-case-library/info/420/