A new variant of the Petya ransomware network worm appears to have surfaced in Russia and Ukraine, based on early research.



Organisations in Russia, Ukraine and other countries have fallen victim to what is thought to be a new variant of ransomware. In a tweet, Russian cyber security firm Group-IB said that at least three media organisations in the country have been hit by encrypting malware.

Cybersecurity researchers at ESET are among those monitoring the attack and have identified the ransomware encrypting some computers as Diskcoder.D, a new variant of the ransomware also known as Petya, a particularly vicious form of file-encrypting malware which hit organisations around the globe in June.

It seems to be delivered via a malicious URL as a fake Flash update, and then to use EternalBlue and Mimikatz for lateral movement and further spreading. There is still a lot of speculation, though, as analysis is at an early stage and more needs to come.