Petya looks to replicate damage caused by WannaCry

 

A new strain of ransomware, being referred to as Petya, has been sweeping across Europe in the last 24 hours taking out the computer systems of several major corporations, ATMs and phone systems off line.

At this stage we have no confirmed reports of sites being impacted in ANZ however we would suggest our clients remain vigilant during the next few days in regards to this new outbreak.

Currently the most effected locations are Ukraine, Russia, France and Spain and the attack is rumoured to bear a striking similarity to the recent WannaCry ransomware that crippled sites in many countries in May.

Early indications are that this ransomware also exploits vulnerabilities in Server Message Block (SMB) as did WannaCry.

What you can do to minimise the risk of infection with Petya -

  • Firstly take the same steps we shared before regarding WannaCry which talks about applying a patch (ref - MS17-101). See here for details –

http://www.kaonsecurity.co.nz/blog/2017/may/13/wannacrypt-could-ruin-your-week-caution-required/

There are reports that this attack also is using email spam to distribute infected Office documents to also rapidly spread and distribute the ransomware. Additional recommended steps to take are –

  • Check content filters and ideally block personal emails or monitor them.
  • Block macro attachments on your corporate email security system.

Please see the brief announcement below from the US Cert for some further detail.

https://www.us-cert.gov/ncas/current-activity/2017/06/27/Multiple-Petya-Ransomware-Infections-Reported

If you require any assistance please contact the Kaon SecurITy team.

 

Tags

Archives