Wazzup Pilipinas!
Fortinet, a global leader in high-performance cyber security solutions, today advised organisations and computer users to brace and take immediate action against a new ransomware variant called Petya that is sweeping across the world. The ransomware is currently having an impact on a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems.
This is part of a new wave of multi-vector ransomware attacks that we are calling “ransomworm”, which takes advantage of timely exploits. The ransomworm is designed to move across multiple systems automatically, rather than stay in one place. It appears that the Petya ransomworm is using vulnerabilities similar to those exploited during the recent WannaCry attack.
Unlike WannaCry, which encrypts a computer’s files, the Petya ransomware encrypts a segment of the hard drive, which renders the entire computer inoperable. Older legacy systems and critical infrastructure are particularly vulnerable to this attack.
The patch for this vulnerability was issued by Microsoft earlier this year. We advise organizations to update their systems immediately.
In addition, here are a few other steps organisations and individuals should take to protect themselves:
IT Department
· Back up your critical systems’ files, and keep that backup offline.
· Ensure you have a ‘gold standard’ operating system disk and configuration, to allow you to reconstruct your desktops with confidence.
· Patch.
· Check the currency of your patches.
Users
· Don’t execute attachments from unknown sources.
Security Operations
· Push out signatures and antiviruses.
· Use sandboxing on attachments.
· Use behavior-based detections.
· At firewalls, look for evidence of Command & Control.
· Segment, to limit the spread of the malware and the encryption of backup data.
· Ensure that Remote Desktop Protocol is turned off, and/or is properly authenticated, and otherwise limit its ability to move laterally.
General Guidance
· If affected, do not pay the ransom.
· Share facts of infiltration with trusted organizations such as the local police, to assist with overall community efforts to diagnose, contain, and remedy the attack.
Further cautions and an analysis of the ransomware landscape can be found here: http://blog.fortinet.com/2017/06/27/new-ransomware-follows-wannacry-exploits