Does MetaDefender Core v4 Detect the NotPetya Ransomware?

A new ransomware attack that was allegedly first detected in Ukraine is spreading across Europe and the world. Does OPSWAT technology currently detect this new attack?

At the heart of the solution, the base MetaDefender Core multi-scanning engine uses up to 20 anti-malware engines to scan files for threats. Our detection rate is dependent on the number of enabled engines, with a higher number of engines increasing malware detection rates.

Currently, most of the engines used in our MetaDefender Core base packages have acknowledged the Petya ransomware threat. Below is a package breakdown with the available information provided from each of the engine vendors.

Please note:

  1. Lower packages of MetaDefender Core are a subset of higher packages. For example, MetaDefender Core 4 uses the engine in MetaDefender Core 1 alongside Ahnlab, Avira, and ESET for a total of 4 engines.

  2. Some of our vendors may already be detecting this threat but do not have any official post about it. These vendors are not listed below but will be included as more information becomes available.

  3. Specific engine detection is based on the most up to date engine definitions. Some latency may occur due to update frequency, update methods, or network speeds.

Windows:

MetaDefender Core 4:

Ahnlab: https://company.ahnlab.com/company/site/pr/comSecuNews/comSecuNewsView.do?seq=25748

Avira: https://blog.avira.com/petya-strikes-back/

ESET: https://www.eset.com/us/about/newsroom/corporate-blog/petya-ransomware-what-we-know-now-3/

MetaDefender Core 8:

Bitdefender: https://labs.bitdefender.com/2017/06/massive-goldeneye-ransomware-campaign-slams-worldwide-users/
https://labs.bitdefender.com/2016/04/low-level-petya-ransomware-gets-bitdefender-vaccine/

Quick Heal: http://blogs.quickheal.com/petya-ransomware-affecting-users-globally-things-can/

Total Defense: https://www.totaldefense.com/security-blog/total-defense-products-detect-the-known-variations-of-the-goldeneye-petya-ransomware

Zillya!: https://ru.tsn.ua/ukrayina/v-antivirusnoy-kompanii-rasskazali-kto-mozhet-stoyat-za-hakerskoy-atakoy-petya-a-i-chem-eto-grozit-885812.html

MetaDefender Core 12:

AVG: https://support.avg.com/answers?id=906b0000000DrE1AAK

Ikarus: https://www.ikarussecurity.com/about-ikarus/security-blog/new-ransomware-petya-hides-in-application-files/

MetaDefender Core 16:

CYREN: https://blog.cyren.com/articles/petya-ransomware-spreading-fast-using-same-wannacry-exploit

Emsisoft: http://blog.emsisoft.com/2017/06/27/petya-petna-ransomware/

Kaspersky: https://blog.kaspersky.com/new-ransomware-epidemics/17314/
https://blog.kaspersky.com/petya-ransomware/11715/
https://blog.kaspersky.com/petya-decryptor/11819/
https://blog.kaspersky.com/tag/petya/

VirusBlokAda: https://blog.fortinet.com/2017/06/27/new-ransomware-follows-wannacry-exploits

MetaDefender Core 20:

McAfee: https://kc.mcafee.com/corporate/index?page=content&id=KB89540
https://securingtomorrow.mcafee.com/mcafee-labs/new-variant-petya-ransomware-spreading-like-wildfire/

Sophos: https://nakedsecurity.sophos.com/2017/06/27/breaking-news-what-we-know-about-the-global-ransomware-outbreak/
https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Petya-AQ.aspx
https://community.sophos.com/kb/en-us/127027
https://community.sophos.com/products/b/sophos-community-blog/posts/new-disk-encrypting-ransomware

VirITeXplorer: http://www.tgsoft.it/italy/news_archivio.asp?id=843

Linux:

MetaDefender Core 5:

Bitdefender: https://labs.bitdefender.com/2017/06/massive-goldeneye-ransomware-campaign-slams-worldwide-users/
https://labs.bitdefender.com/2016/04/low-level-petya-ransomware-gets-bitdefender-vaccine/

ESET: https://www.eset.com/us/about/newsroom/corporate-blog/petya-ransomware-what-we-know-now-3/

Total Defense: https://www.totaldefense.com/security-blog/total-defense-products-detect-the-known-variations-of-the-goldeneye-petya-ransomware

MetaDefender Core 10:

Avira: https://blog.avira.com/petya-strikes-back/

CYREN: https://blog.cyren.com/articles/petya-ransomware-spreading-fast-using-same-wannacry-exploit

Ikarus: https://www.ikarussecurity.com/about-ikarus/security-blog/new-ransomware-petya-hides-in-application-files/

Quick Heal: http://blogs.quickheal.com/petya-ransomware-affecting-users-globally-things-can/

VirusBlokAda: https://blog.fortinet.com/2017/06/27/new-ransomware-follows-wannacry-exploits


This article applies to MetaDefender Core v3 and MetaDefender Core v4
This article was last updated on 2018-03-22
CN