- By Vodigy
- Posted 7/7/2017 9:55:56 AM
Related to a previous article published on our blog: Ransomware Part 1
Back in March of 2017, WannaCry was identified as a
ransomware attack that took advantage of gaps in programming to infect machines
with a virus that would lock your files until you paid for them. The fix for
that problem was through a simple patch that was released much earlier prior to
the attack. All the infected machines were a victim of not being up to date on
patches. The same can be said for this new threat.
27, 2017 there were reports of a new ransomware dubbed “Petya” spreading across
Europe. The first infections had started showing up in Ukraine with about
12,500 machines being infected. This new threat is different than WannaCry
because it has worm capabilities, which allows it to move laterally across
infected networks. However, it still uses the same SMBv1 vulnerabilities that
WannaCry first exploited.
new ransomware takes advantage of the same vulnerabilities that WannaCry
exploited, as in machines still using SMBv1 without the patch given back in
March under MS17-010. The same patch you had to install to prevent the spread
If you unable
to patch your systems in time, another way to prevent the spread of this attack
is to disable SMBv1 as a workaround, you can do so by following the
instructions given here.
Petya needs to steal credentials from an infected machine to get access to
admin share files, assign rights to everyone using least privilege to reduce the
chance of the malware getting the credentials it requires.
Additionally, it is important to use an endpoint firewall to block
workstation to workstation communication and prevent the spread across
computers. Combining this with least privilege and proper account segregation
for your IT staff and you'll be well on your way to a more secure environment. Lastly, accounts with
server/domain admin rights shouldn’t ever be used on workstations.
To learn more about what the comprehensive network security offerings through Vodigy please contact us.