A little over a month ago, a strain of ransomware called WannaCry made headlines because of how successful the attack was: it infected hundreds of thousands of machines around the world. It spread by exploiting a vulnerability in the Windows SMBv1 service that Microsoft had already patched; the machines that fell were the ones that had not applied the update. Thankfully, the damage was limited because the malware contained a "kill switch": once a researcher registered the domain the code checked for, the spread largely stopped.
Today we are hearing about another family of ransomware called "Petya" which is similar in nature to WannaCry, yet different in important ways. Petya has already infected many large organizations in Europe, including Maersk, Mondelez, and the Ukrainian government. It demands a payment of $300 in Bitcoin to decrypt your files, the same amount WannaCry demanded. However, unlike WannaCry, there does not appear to be a network "kill switch" embedded in the code, which makes Petya more dangerous than WannaCry.
Petya takes advantage of the same SMBv1 vulnerability that WannaCry exploited, using the EternalBlue exploit against Windows systems. Microsoft released a patch for this critical vulnerability (MS17-010) in March 2017, but Petya, just like WannaCry a month ago, targets machines that have not applied it. Once it is inside a network, Petya also spreads to fully patched machines by harvesting credentials from memory and reusing them with legitimate Windows administration tools (PsExec and WMIC), so patching alone does not contain it. In addition, Petya is being delivered by the traditional means of phishing emails, with attachments disguised as résumés or delivery notifications that contain the malicious code.
How to Protect Yourself
- Patch your system. Make sure the latest patches are deployed on your machines to mitigate the risk of infection. In this case, the bulletin you are looking for is MS17-010 (rated Critical): https://technet.microsoft.com/en-us/library/security/ms17-010.aspx. If a machine cannot be patched right away, disable SMBv1 on it, as Microsoft recommends, until it can be.
- Ensure that your antivirus software is up to date. Vendors are releasing signatures for Petya daily, so if you haven't already, update your virus definitions now!
- Educate your users! If they get an email with an attachment that looks odd, they should trust their instincts, even if it appears to come from someone they know: DON'T OPEN THE ATTACHMENT!
- Restrict local admin privileges on machines. Petya needs administrative privileges to overwrite the boot record and to push itself to other hosts with stolen credentials, so removing day-to-day local admin rights (and not sharing one local admin password across machines) reduces both the chance of infection and how far it can spread.
- Back up your files, and keep a copy offline (disconnected from the network, so the ransomware cannot reach it). That way, if you are infected, you can restore from backup to minimize damage and downtime. Test a restore before you need one.
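The checklist above comes down to a few things you can verify on a host with built-in tools. The PowerShell script below is an added example written for this post; it is not Compass's tooling or Microsoft's. It reports whether one of the March 2017 MS17-010 updates is installed, the version of the srv.sys SMB server driver, whether SMBv1 is still enabled, and who is in the local Administrators group. The KB numbers are the March 2017 update IDs assumed for each platform (later cumulative updates on Windows 10 supersede them, so "not found" means verify, not necessarily "exposed"); the function names are my own.

```powershell
# Added example (not from the original post): read-only exposure check for the
# MS17-010 / SMBv1 attack surface and local admin membership on one Windows host.
# Run in an elevated PowerShell session on the machine being checked.

# Assumption: these are the March 2017 security updates that carried the MS17-010 fix.
$Ms17010Kbs = @(
    'KB4012598',              # Windows XP / Vista / Server 2003 / Windows 8 (out-of-band)
    'KB4012212', 'KB4012215', # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012214', 'KB4012217', # Windows Server 2012
    'KB4012213', 'KB4012216', # Windows 8.1 / Server 2012 R2
    'KB4012606',              # Windows 10 1507
    'KB4013198',              # Windows 10 1511
    'KB4013429'               # Windows 10 1607 / Server 2016
)

function Test-Ms17010Installed {
    # Returns the matching HotFixIDs; empty when none of the listed updates is present.
    Get-HotFix | Where-Object { $_.HotFixID -in $Ms17010Kbs } | Select-Object -ExpandProperty HotFixID
}

function Get-Smb1State {
    # Prefer the SMB cmdlets (Windows 8 / Server 2012 and later); fall back to the
    # LanmanServer registry value used on Windows 7 / Server 2008 R2.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        return (Get-SmbServerConfiguration).EnableSMB1Protocol
    }
    $regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $value = (Get-ItemProperty -Path $regPath -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    # The value is absent by default, and absent means SMBv1 is enabled.
    return ($null -eq $value -or $value -ne 0)
}

function Get-LocalAdminMembers {
    # Get-LocalGroupMember needs PowerShell 5.1; older hosts fall back to net.exe output
    # (skip the 6 header lines, drop the trailing status line).
    if (Get-Command Get-LocalGroupMember -ErrorAction SilentlyContinue) {
        return (Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name)
    }
    return (net localgroup Administrators |
        Select-Object -Skip 6 |
        Where-Object { $_ -and $_ -notmatch '^The command completed' })
}

function Invoke-PetyaExposureCheck {
    $srv = Get-Item "$env:SystemRoot\System32\drivers\srv.sys" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        Ms17010KbsFound = @(Test-Ms17010Installed)
        SrvSysVersion   = if ($srv) { $srv.VersionInfo.FileVersion } else { 'srv.sys not present' }
        Smb1Enabled     = Get-Smb1State
        LocalAdmins     = @(Get-LocalAdminMembers)
    }
}

$report = Invoke-PetyaExposureCheck
$report | Format-List

if ($report.Smb1Enabled) {
    Write-Warning 'SMBv1 is enabled. If this host cannot be patched right now, disable SMBv1:'
    Write-Warning '  Windows 8 / Server 2012 and later: Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
    Write-Warning '  Windows 7 / Server 2008 R2: set LanmanServer\Parameters\SMB1 (DWORD) to 0 and reboot'
}
if (-not $report.Ms17010KbsFound) {
    Write-Warning 'None of the March 2017 MS17-010 updates was found. Confirm a superseding cumulative update is installed, or patch now.'
}
```

Compare the reported srv.sys version against the file versions listed in the MS17-010 bulletin for your OS; that comparison is the definitive check on hosts where cumulative updates have replaced the original KB numbers. Everything the script does is read-only; the two remediation commands are only printed, not executed.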
The single most important step in protecting yourself from this version of ransomware is to scan for vulnerabilities and patch them. Petya, much like WannaCry, exploits a flaw for which Microsoft released a fix months ago, so keeping systems current with vendor patches removes its main means of getting into a network, and the other steps above limit how far it can go once inside. On that note, we are hosting our June webinar tomorrow on the importance of vulnerability scanning and patch management. The timing is certainly good, so I would encourage you to join us tomorrow by registering below. Stay safe out there, friends, and we hope to see you tomorrow!
Copy and paste this link into your browser if you don't feel comfortable clicking on an image redirect: https://www.compassitc.com/june-2017-webinar-registration