Petya Ransomware: “Bigger Than WannaCry”
The Petya ransomware attack began earlier today in Europe and is quickly spreading globally. We asked our experts for their thoughts on this latest attack. Elliott Abraham, CISSP, lamented, “There’s no kill switch in Petya. It will most certainly be bigger than WannaCry.” Senior Solutions Architect Jacob Hunt added, “The Petya strain has been around for more than a year.”
ADAPTURE Senior Security Architect Tim Cullen said, “The key to stopping the encrypt phase is easy, it’s the dropper that is the problem.” He mentioned that vendors like FireEye, Checkpoint, and Cylance can all protect from this if they are deployed. Tim also stressed that organizations need to be educated on how this attack embeds and launches, and ensure they are implementing best practices around device backups, operating system recovery processes, network audits, and system patching schedules. “These attacks will continue as long as people keep paying the attackers,” he shared.
Tim shares more of his thoughts on the latest outbreak of this long-known ransomware strain and how to best position yourself to defend against these types of attacks in the video below.
Video Transcription
Today in the UK, we’re starting to see a large scale attack with the name of Petya. It seems to be a variant of WannaCry. Petya has a lot of the inner workings of WannaCry, so it attacks the same way. It has the same functionality, and it does the same thing.
The way to get around this or the way that you can protect yourself from this is to block the command and control process. Once an exploit is loaded to your system, it has to call back to the main control server to let it know that it has a resource available. If you can block that call back service, you can stop the attack on your local system.
Once you are able to block the attack then you can take on the next process of remediating and removing the viruses from your systems. This is important because it’s not the only way that this functions. The command and control process stops the ransomware load from happening but the virus still exists on your machine. You have to eradicate the virus from your machine, and there are security systems that allow you to detect, defend, and remediate from these.
As these progress and as we are able to block these, we’re going to see more of these, so you have to learn what to do to block these ransomware attacks. If you would like to know if you are vulnerable to these types of attacks, you can reach out to ADAPTURE, and we can come in and help you understand if you are vulnerable and what you can do about this.