A worldwide ransomware attack — spread by a variant reportedly called "Petya" — infected computer systems in more than 60 countries June 27.
Microsoft officials published a blog post on the Microsoft Malware Protection Center website June 27. Based on a Microsoft investigation of the global ransomware infection, the officials confirmed Petya is a new variant of an older strain of ransomware called "Ransom:Win32/Petya."
Unlike the older strain, the Petya malware that infected computer systems June 27 has worm capabilities, which enables it to move "laterally across infected networks." This update means once the ransomware infects a single machine, it will continue to infect the entire computer network.
There are three key ways Petya moves laterally through a system. The ransomware variant may steal users' credentials and existing active sessions; use file shares to transfer malicious code across machines; or execute ransomware payloads with functions on unpatched machines.
Click here to view the blog post.