Note: This blog post discusses active research by Talos into a new threat. This information should be considered preliminary and will be updated as research continues.
On October 24, 2017, Cisco Talos was alerted to a widescale ransomware campaign affecting organizations across eastern Europe and Russia. As was the case in previous situations, we quickly mobilized to assess the situation and ensure that customers remain protected from this and other threats as they emerge across the threat landscape.
There have been several large scale ransomware campaigns over the last several months. This appears to have some similarities to Nyetya in that it is also based on Petya ransomware. Major portions of the code appear to have been rewritten. The distribution does not appear to have the sophistication of the supply chain attacks we have seen recently.
Is there any signatures related to IPS which we need to update in firepower ?
Please see the coverage and IOC sections of the research post for details. That post is being updated as more and more analysis is completed.
๊Update latest signature on NGIPS is Necessary ?
i see on web cisco have rule update Sourcefire Rule Update 2017-10-25-001
The primary research post on talosintelligence.com is consistently being updated as further analysis is completed. Please continue checking back on that post (using the “Read More” link) for updates and in-depth details.