June 27, 2017

Information about a new outbreak of an encryption ransomware appeared. The Trojan affected oil, telecommunication and financial companies in Russia and Ukraine. Doctor Web informs users that the new encoder is detected by Dr.Web products.

According to data of our information security specialists, the Trojan is distributed independently, just as infamous WannaCry. Yet there is no precise data if it uses the same distribution mechanism. At present, our security researchers examine the new Trojan; we will give the details later on. Some mass media sources draw parallels with the ransomware Petya (in particular, Dr.Web detects it as Trojan.Ransom.369) due to the external side of the ransomware operation. However, a distribution method of the new threat is different from the standard pattern of Petya.

Today, on June 27 at 4.30 p.m., this encryption ransomware has been added to Dr.Web virus databases as Trojan.Encoder.12544.

Doctor Web advises all users to be vigilant and refrain from opening suspicious emails (this measure is required but is not fully sufficient). It is necessary to make backup copies of critically important data and to install all software security updates. Availability of an installed anti-virus is also crucial.