New Ransomware “Nyetya” in the Wild

Cisco is calling Nyetya "WannaCry's bad cousin", and it's no surprise why. This ransomware uses PsExec, a legitimate administration tool from Microsoft, and WMIC to execute its processes. It steals credentials and spreads through networks using the EternalBlue and EternalRomance SMBv1 exploits, which Microsoft patched in MS17-010. Machines that are patched against these exploits (with security update MS17-010) or have SMBv1 disabled are not affected by this particular spreading mechanism. Please refer to our previous blog for details on these [...]