Petya Ransomware Malicious Host Detection

ID 700152.PRM
Type nessus
Reporter Tenable
Modified 2017-10-02T00:00:00


One or more requests to potential Petya ransomware related malware hosts have been detected. Petya differs from typical ransomware as it does not just encrypt files, it also overwrites and encrypts the master boot record (MBR), demanding payment via cryptocurrency. Petya propagates itself similar to "WannaCry" by exploiting the MS17-010 vulnerability, also known as EternalBlue which was part of the ShadowBrokers dump.

                                            Binary data 700152.prm