I've been researching these recent ransomware attacks, but have not found what I'm looking for, maybe because there's so much out there I just haven't gotten to it all. Cutting to the chase ...
I've found that Petya encrypts files with certain file types (of course). Does it retain or change the modification time of the encrypted file?
Does either Petya or WannaCry create ransom message files like CryptoWall's HELP_DECRYPT?
Are there any additional indicator files this malware will create on e.g. a shared NAS storage device (versus simply on the infected computer itself)?
According to what I've read, this variant uses the Windows Management Instrumentation Command-line (WMIC) interface for lateral movement over SMB (Server Message Block) and using the EternalBlue (MS17-010) exploit. Questions:
Is it possible for a pure Linux system which does use CIFS?
Is it possible for Windows workstation peers to infect each other in a system that does use Samba for file sharing on Linux-hosted Samba mounts?
Is it possible for this malware to infect Linux workstations?
Can anyone provide some references with more details on WannaCry and Petya?
--more information ...
I found this at https://blog.barracuda.com/2017/06/29/notpetya-both-more-and-less-than-it-seems
A typical NotPetya attack we observed starts its life as an RTF file with a .doc extension attached to an email ... In the RTF attack vector, using a .doc file extension helps ensure that Microsoft …
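
The Barracuda excerpt quoted above describes an RTF file delivered under a .doc name. As an added example (not part of the original post or of the Barracuda write-up), this Python check classifies an attachment by its leading bytes and flags names whose extension disagrees with the content; the function names and the sample attachments are constructed for illustration, and skipping a BOM or leading whitespace before the RTF header is a choice made here.

```python
import os

# Leading bytes that identify the real container format of a document.
RTF_MAGIC = b"{\\rtf"
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .doc/.xls
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML (.docx) is a ZIP

# Extension -> container format that extension should hold.
EXPECTED = {".doc": "ole2", ".docx": "zip", ".rtf": "rtf"}


def sniff_format(data: bytes) -> str:
    """Classify a file by content only, ignoring its name."""
    head = data[:64]
    if head.startswith(b"\xef\xbb\xbf"):      # skip a UTF-8 BOM
        head = head[3:]
    head = head.lstrip(b" \t\r\n")            # and leading whitespace
    if head.startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def check_attachment(filename: str, data: bytes):
    """Return (actual_format, mismatch) for one attachment."""
    ext = os.path.splitext(filename)[1].lower()
    actual = sniff_format(data)
    expected = EXPECTED.get(ext)
    # Only extensions we know how to verify can produce a mismatch.
    mismatch = expected is not None and actual != expected
    return actual, mismatch


def flag_mismatches(attachments):
    """Names of attachments whose extension disagrees with content."""
    return [n for n, d in attachments if check_attachment(n, d)[1]]


# Constructed sample attachments (not taken from any real message).
SAMPLES = [
    ("invoice.doc", b"{\\rtf1\\ansi constructed sample}"),
    ("report.doc", OLE2_MAGIC + b"\x00" * 8),
    ("notes.rtf", b"\r\n{\\rtf1 constructed sample}"),
    ("memo.docx", ZIP_MAGIC + b"\x14\x00"),
]

if __name__ == "__main__":
    for name in flag_mismatches(SAMPLES):
        print("extension/content mismatch:", name)
```

A mismatch is a triage signal rather than a verdict, since Word opens files by content and some software legitimately saves RTF under a .doc name.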