Mounir Hahad, head of Juniper Threat Labs, lent some perspective to news that a new variant of the Shamoon malware was discovered on the network of Italian oil and gas contractor Saipem.
Mounir Hahad, Head of Juniper Threat Labs:
“This version of the Shamoon destroyer packs the same punch as previous attacks, but was made more difficult to study as no indication of the intended victim is present in the malware itself, unlike previous versions. This variation will render any system it infects unusable by overwriting a key hard drive section called the Master Boot Record with random data. Unlike the previous variant, this one does not attempt to spread, which leads us to believe that the attack vector and the method of infecting more systems are yet to be discovered.
The good news from a victim’s perspective is that some data can still be restored and the systems can definitely be brought back to life by using backups. Several anti-malware technologies, including Juniper’s JATP Appliance and Sky ATP next-gen firewall security services, are able to detect and block this threat.”