Just a few weeks after the WannaCry ransomware attack that made a lot of noise in the news and affected various organizations globally, a new threat appears to be spreading quickly.
Multiple reports of Petya ransomware infections occurring in networks in many countries around the world have been reported. Similar to WannaCry, Petya uses the Eternal Blue exploit to propagate itself. Petya has been in existence since 2016. It differs from typical ransomware as it doesn’t just encrypt files, it also overwrites and encrypts the master boot record (MBR), making affected machines unusable. Reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB).
Attached is an Emerging Threat Report from our partner and leader in Security with the largest Cyber Intelligence, Symantec, to enable you to better understand the Petya Threat.
As a reminder and general rule, a good cyber hygiene and security policies & procedures are extremely important within your organization and ensuring the following among others:
- Latest Windows security updates have been applied
- Symantec Endpoint Protection properly configured and updated
- IDS/IPS signatures deployed following recommendation by the vendor
- Create Cyber Security Awareness for employees
- Log Collection, Monitoring of Events and Incident Management
At Birger, we are at your disposal 24x7 in our Cyber Defense Center powered by Symantec. We want to make sure that you are protected and prepared to predict, prevent, detect and respond to the emerging threat landscape.