Does MetaDefender Core v5 Detect the NotPetya Ransomware?
This article applies to all MetaDefender Core releases subsequent to V4.21.2, including all V5 releases, deployed on Windows or Linux systems.
The voracious NotPetya ransomware attacks were first detected in Ukraine in 2017 and quickly spread across Europe and the world, continuing on their devastating course for approximately two years.
OPSWAT was swift to incorporate defenses against this threat into the latest MetaDefender Core technology and, since the group responsible for the NotPetya attacks is still at large today, we (and our vendors) remain vigilant and dedicated to safeguarding organizations against NotPetya and similar threats.
At the heart of the solution, the base MetaDefender Core multi-scanning engine uses up to 33 anti-malware engines to scan files for threats. Our detection rate is dependent on the number of enabled engines, with a higher number of engines increasing malware detection rates overall.
Currently, most of the engines included in our MetaDefender Core base packages acknowledge the NotPetya ransomware threat. Below is a package breakdown with relevant information provided by each of the engine vendors.
- Lower packages of MetaDefender Core are subsets of higher packages. So, higher packages include the same engines as lower packages - plus more.
- For a comprehensive list of engines per package and OS, expand the Metascan tab on the following webpage: https://www.opswat.com/products/metadefender/enterprise
- Some of our vendors may already be detecting the NotPetya threat but do not have any official post about it. These vendors are not listed below but will be included as more information becomes available.
- Specific engine detection is based on the most up-to-date engine definitions. Some latency may occur due to update frequency, update methods, or network speeds.
Windows
MetaDefender Core 8
Avira:
https://blog.avira.com/petya-strikes-back/
ESET:
https://www.eset.com/us/about/newsroom/corporate-blog/petya-ransomware-what-we-know-now-3/
Bitdefender:
https://labs.bitdefender.com/2017/06/massive-goldeneye-ransomware-campaign-slams-worldwide-users/
https://labs.bitdefender.com/2016/04/low-level-petya-ransomware-gets-bitdefender-vaccine/
Quick Heal:
http://blogs.quickheal.com/petya-ransomware-affecting-users-globally-things-can/
VirITeXplorer:
http://www.tgsoft.it/italy/news_archivio.asp?id=843
MetaDefender Core 12
CYREN:
https://blog.cyren.com/articles/petya-ransomware-spreading-fast-using-same-wannacry-exploit
MetaDefender Core 16
Emsisoft:
http://blog.emsisoft.com/2017/06/27/petya-petna-ransomware/
Zillya!:
VirusBlokAda:
https://blog.fortinet.com/2017/06/27/new-ransomware-follows-wannacry-exploits
MetaDefender Core 20
McAfee:
https://kc.mcafee.com/corporate/index?page=content&id=KB89540
Sophos:
https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Petya-AQ.aspx
Linux
MetaDefender Core 5
Bitdefender:
https://labs.bitdefender.com/2017/06/massive-goldeneye-ransomware-campaign-slams-worldwide-users/
https://labs.bitdefender.com/2016/04/low-level-petya-ransomware-gets-bitdefender-vaccine/
ESET:
https://www.eset.com/us/about/newsroom/corporate-blog/petya-ransomware-what-we-know-now-3/
MetaDefender Core 10
Avira:
https://blog.avira.com/petya-strikes-back/
CYREN:
https://www.cyren.com/blog/articles/petya-ransomware-spreading-fast-using-same-wannacry-exploit
Quick Heal:
https://blogs.quickheal.com/petya-ransomware-affecting-users-globally-things-can/
For more information on virus-specific protections, or to report a suspected vulnerability or threat, please follow these instructions before creating a support case or chatting with our support engineer.