{"id":656,"date":"2017-06-27T20:10:26","date_gmt":"2017-06-27T19:10:26","guid":{"rendered":"https:\/\/www.carnet.hr\/upozorenje-nova-ransomware-kampanja-petya\/"},"modified":"2018-11-30T16:07:51","modified_gmt":"2018-11-30T15:07:51","slug":"upozorenje-nova-ransomware-kampanja-petya","status":"publish","type":"post","link":"https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/","title":{"rendered":"Upozorenje – nova ransomware kampanja Petya"},"content":{"rendered":"

U tijeku je nova kampanja zlonamjernim ransomware sadr\u017eajem te su slu\u010dajevi zaraze zabilje\u017eeni u Ujedinjenom Kraljevstvu, Rusiji, Indiji, Nizozemskoj, Španjolskoj, Danskoj i drugima. Trenutna su meta ra\u010dunala raznih korporacija, energetskih postrojenja te banaka.<\/p>\n

Prema više razli\u010ditih izvora, nova ina\u010dica zlonamjernog ransomware sadr\u017eaja nazvanog Petya (negdje Petwrap) munjevito se širi koriste\u0107i više Windows ranjivosti. Iako se još ne zna to\u010dan izvor širenja zlonamjernog sadr\u017eaja, mogu\u0107e je da Petya koristi EternalBlue ranjivost (ranjivost SMBv1 protokola za koju je izdana zakrpa MS17-010, istu onu koji je koristio i WannaCry u prošloj velikoj kampanji, u kombinaciji s ranjivosti Microsoft Office paketa koja je zakrpana u travnju, a odnosi se na oznaku CVE-2017-0199.<\/p>\n

Petya je slo\u017een zlonamjerni sadr\u017eaj koji djeluje veoma razli\u010dito od ostalih vrsta zlonamjernog ransomware sadr\u017eaja te, za razliku od ostalih, ne šifrira podatke na ra\u010dunalu redom i zasebno. Petya, nakon zaraze, ponovno pokre\u0107e ra\u010dunalo korisnika te šifrira MFT datoteku (engl. master file table) te onemogu\u0107ava rad MBR zapisu (engl. master boot record) što rezultira ograni\u010denim pristupom ure\u0111aju.<\/p>\n

U slu\u010daju uspješno izvedenog napada, Petya \u0107e zamijeniti MBR zapis vlastitim zlonamjernim kodom što onemogu\u0107ava ra\u010dunalu pokretanje. Na samom zaslonu zara\u017eenog ra\u010dunala pokazat \u0107e se poruka u kojoj su sadr\u017eani podaci za uplati te poruka napada\u010da koju prenosimo u nastavku:<\/p>\n

"If you see this text, then your files are no longer accessible, because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."<\/p>\n

Prema rije\u010dima sigurnosnim stru\u010dnjacima iz tvrtke VirusTotal, samo je 13 od 61 sigurnosnih usluga u mogu\u0107nosti otkriti Petya zlonamjerni sadr\u017eaj.<\/p>\n

Ovaj ransomware zlonamjerni sadr\u017eaj kao kontakt podatke koristi adresu elektroni\u010dke pošte wowsmith12345@posteo.net<\/a> i kao naknadu za dešifriranje podataka tra\u017ei isplatu 300 ameri\u010dkih dolara u Bitcoin valuti.<\/p>\n

To\u010dni na\u010dini ubrzanog širenja zlonamjernog sadr\u017eaja Petya nisu utvr\u0111eni, ali prevladava mišljenje kako je rije\u010d o korištenju SMBv1 EternalBlue ranjivosti na ra\u010dunalima koja nisu izvršila nadogradnju svojeg operacijskog sustava Windows. Potencijalni vektor širenja je i maliciozni Word dokument koji korisnici dobivaju kao privitak u e-mailu. <\/p>\n

Zaštititi se mo\u017eete hitnom nadgradnjom vašeg ra\u010dunala (pogotovo nadgradnje koje se odnosi na EternalBlue – MS17-010<\/a>) te onemogu\u0107avanjem SMBv1 protokola za dijeljenje podataka, kao i primjenom zakrpe CVE-2017-0199<\/a>.<\/p>\n

Preporuka je tako\u0111er da redovito radite sigurnosnu kopiju vaših podataka te da ju dr\u017eite odvojenu od ra\u010dunala. Va\u017eno je da na ure\u0111aju imate instaliran valjan, a\u017euran i aktivan antivirus te da se prilikom slu\u017eenja internetom ponašate odgovorno i oprezno. Ne otvarajte privitke u sumnjivim mailovima i po primitku ih izbrišite. <\/p>","protected":false},"excerpt":{"rendered":"

U tijeku je nova kampanja zlonamjernim ransomware sadr\u017eajem te su slu\u010dajevi zaraze zabilje\u017eeni u Ujedinjenom Kraljevstvu, Rusiji, Indiji, Nizozemskoj, Španjolskoj, Danskoj i drugima. Trenutna su meta ra\u010dunala raznih korporacija, energetskih postrojenja te banaka.<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[24],"class_list":["post-656","post","type-post","status-publish","format-standard","hentry","category-preporucujemo"],"acf":[],"yoast_head":"\nUpozorenje - nova ransomware kampanja Petya - CARNET<\/title>\n<meta name=\"description\" content=\"U tijeku je nova kampanja zlonamjernim ransomware sadr\u017eajem te su slu\u010dajevi zaraze zabilje\u017eeni u Ujedinjenom Kraljevstvu, Rusiji, Indiji, Nizozemskoj, Španjolskoj, Danskoj i drugima. Trenutna su meta ra\u010dunala raznih korporacija, energetskih postrojenja te banaka.\" \/>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Upozorenje - nova ransomware kampanja Petya - CARNET\" \/>\n<meta property=\"og:description\" content=\"U tijeku je nova kampanja zlonamjernim ransomware sadr\u017eajem te su slu\u010dajevi zaraze zabilje\u017eeni u Ujedinjenom Kraljevstvu, Rusiji, Indiji, Nizozemskoj, Španjolskoj, Danskoj i drugima. Trenutna su meta ra\u010dunala raznih korporacija, energetskih postrojenja te banaka.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/\" \/>\n<meta property=\"og:site_name\" content=\"CARNET\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/facebook.com\/CARNET.hr\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-06-27T19:10:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-11-30T15:07:51+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.carnet.hr\/wp-content\/uploads\/2019\/06\/facebook_OG_image.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"neuralabAdmin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@CARNET_HR\" \/>\n<meta name=\"twitter:site\" content=\"@CARNET_HR\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"neuralabAdmin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.carnet.hr\\\/en\\\/upozorenje-nova-ransomware-kampanja-petya\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.carnet.hr\\\/en\\\/upozorenje-nova-ransomware-kampanja-petya\\\/\"},\"author\":{\"name\":\"neuralabAdmin\",\"@id\":\"https:\\\/\\\/www.carnet.hr\\\/#\\\/schema\\\/person\\\/847905b26791ec33b8c026f20da4771c\"},\"headline\":\"Upozorenje – nova ransomware kampanja Petya\",\"datePublished\":\"2017-06-27T19:10:26+00:00\",\"dateModified\":\"2018-11-30T15:07:51+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.carnet.hr\\\/en\\\/upozorenje-nova-ransomware-kampanja-petya\\\/\"},\"wordCount\":523,\"commentCount\":0,\"articleSection\":[\"Preporu\u010dujemo\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.carnet.hr\\\/en\\\/upozorenje-nova-ransomware-kampanja-petya\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.carnet.hr\\\/en\\\/upozorenje-nova-ransomware-kampanja-petya\\\/\",\"url\":\"https:\\\/\\\/www.carnet.hr\\\/en\\\/upozorenje-nova-ransomware-kampanja-petya\\\/\",\"name\":\"Upozorenje - nova ransomware kampanja Petya - CARNET\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.carnet.hr\\\/#website\"},\"datePublished\":\"2017-06-27T19:10:26+00:00\",\"dateModified\":\"2018-11-30T15:07:51+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.carnet.hr\\\/#\\\/schema\\\/person\\\/847905b26791ec33b8c026f20da4771c\"},\"description\":\"U tijeku je nova kampanja zlonamjernim ransomware sadr\u017eajem te su slu\u010dajevi zaraze zabilje\u017eeni u Ujedinjenom Kraljevstvu, Rusiji, Indiji, Nizozemskoj, Španjolskoj, Danskoj i drugima. Trenutna su meta ra\u010dunala raznih korporacija, energetskih postrojenja te banaka.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.carnet.hr\\\/en\\\/upozorenje-nova-ransomware-kampanja-petya\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.carnet.hr\\\/en\\\/upozorenje-nova-ransomware-kampanja-petya\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.carnet.hr\\\/en\\\/upozorenje-nova-ransomware-kampanja-petya\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.carnet.hr\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Upozorenje – nova ransomware kampanja Petya\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.carnet.hr\\\/#website\",\"url\":\"https:\\\/\\\/www.carnet.hr\\\/\",\"name\":\"CARNET\",\"description\":\"Znanje povezuje.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.carnet.hr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.carnet.hr\\\/#\\\/schema\\\/person\\\/847905b26791ec33b8c026f20da4771c\",\"name\":\"neuralabAdmin\",\"url\":\"https:\\\/\\\/www.carnet.hr\\\/en\\\/author\\\/neuralabadmin\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Upozorenje - nova ransomware kampanja Petya - CARNET","description":"U tijeku je nova kampanja zlonamjernim ransomware sadr\u017eajem te su slu\u010dajevi zaraze zabilje\u017eeni u Ujedinjenom Kraljevstvu, Rusiji, Indiji, Nizozemskoj, Španjolskoj, Danskoj i drugima. Trenutna su meta ra\u010dunala raznih korporacija, energetskih postrojenja te banaka.","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"Upozorenje - nova ransomware kampanja Petya - CARNET","og_description":"U tijeku je nova kampanja zlonamjernim ransomware sadr\u017eajem te su slu\u010dajevi zaraze zabilje\u017eeni u Ujedinjenom Kraljevstvu, Rusiji, Indiji, Nizozemskoj, Španjolskoj, Danskoj i drugima. Trenutna su meta ra\u010dunala raznih korporacija, energetskih postrojenja te banaka.","og_url":"https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/","og_site_name":"CARNET","article_publisher":"http:\/\/facebook.com\/CARNET.hr\/","article_published_time":"2017-06-27T19:10:26+00:00","article_modified_time":"2018-11-30T15:07:51+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/www.carnet.hr\/wp-content\/uploads\/2019\/06\/facebook_OG_image.png","type":"image\/png"}],"author":"neuralabAdmin","twitter_card":"summary_large_image","twitter_creator":"@CARNET_HR","twitter_site":"@CARNET_HR","twitter_misc":{"Written by":"neuralabAdmin","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/#article","isPartOf":{"@id":"https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/"},"author":{"name":"neuralabAdmin","@id":"https:\/\/www.carnet.hr\/#\/schema\/person\/847905b26791ec33b8c026f20da4771c"},"headline":"Upozorenje – nova ransomware kampanja Petya","datePublished":"2017-06-27T19:10:26+00:00","dateModified":"2018-11-30T15:07:51+00:00","mainEntityOfPage":{"@id":"https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/"},"wordCount":523,"commentCount":0,"articleSection":["Preporu\u010dujemo"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/","url":"https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/","name":"Upozorenje - nova ransomware kampanja Petya - CARNET","isPartOf":{"@id":"https:\/\/www.carnet.hr\/#website"},"datePublished":"2017-06-27T19:10:26+00:00","dateModified":"2018-11-30T15:07:51+00:00","author":{"@id":"https:\/\/www.carnet.hr\/#\/schema\/person\/847905b26791ec33b8c026f20da4771c"},"description":"U tijeku je nova kampanja zlonamjernim ransomware sadr\u017eajem te su slu\u010dajevi zaraze zabilje\u017eeni u Ujedinjenom Kraljevstvu, Rusiji, Indiji, Nizozemskoj, Španjolskoj, Danskoj i drugima. Trenutna su meta ra\u010dunala raznih korporacija, energetskih postrojenja te banaka.","breadcrumb":{"@id":"https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.carnet.hr\/en\/upozorenje-nova-ransomware-kampanja-petya\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.carnet.hr\/"},{"@type":"ListItem","position":2,"name":"Upozorenje – nova ransomware kampanja Petya"}]},{"@type":"WebSite","@id":"https:\/\/www.carnet.hr\/#website","url":"https:\/\/www.carnet.hr\/","name":"ABOUT","description":"Knowledge connects.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.carnet.hr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.carnet.hr\/#\/schema\/person\/847905b26791ec33b8c026f20da4771c","name":"neuralabAdmin","url":"https:\/\/www.carnet.hr\/en\/author\/neuralabadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/www.carnet.hr\/en\/wp-json\/wp\/v2\/posts\/656","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.carnet.hr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.carnet.hr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.carnet.hr\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.carnet.hr\/en\/wp-json\/wp\/v2\/comments?post=656"}],"version-history":[{"count":0,"href":"https:\/\/www.carnet.hr\/en\/wp-json\/wp\/v2\/posts\/656\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.carnet.hr\/en\/wp-json\/wp\/v2\/media?parent=656"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.carnet.hr\/en\/wp-json\/wp\/v2\/categories?post=656"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}