What You Should Know About the Petya or Petrwrap Ransomware Attack

Posted by Kevin Davis - June 27, 2017 - Important Information


On Tuesday, June 27, 2017 another massive ransomware attack, currently known as Petya or Petrwrap (also referenced as GoldenEye or Not Petya), was launched affecting computers worldwide.

Ransomware attacks typically rely on unsuspecting end users clicking on a link or an attachment which launches a program that encrypts (locks) all of the files a user has access to, including those on a corporate server. The user is then told to pay a ransom in the form of BitCoin to receive a key to unlock the files.

This particular ransomware attack exploits a vulnerability in Microsoft Operating Systems. Microsoft released a patch for this vulnerability in their MS17-010 security bulletin; however, many organizations neglect to apply patches or are still using older, unsupported, versions of Microsoft OS such as Windows XP.

For those organizations that are not covered under our SafetyNet Managed Services (Ultimate) program, here are some simple steps your business can take to protect against ransomware attacks:

  • Apply this Microsoft security patch immediately
  • Make sure you are using supported operating systems and applications 
  • Make sure you apply the latest patches as soon as they become available
  • Make sure that all of your systems are protected by antivirus and anti-malware software, and ensure that the virus and malware signatures are updated automatically and consistently.
  • Employ a “next generation” firewall with integrated threat detection
  • Implement backup procedures that create more frequent “recovery points” to limit the amount of lost data if you need to recover your data from backups.
  • Educate your end users to look for the tell-tale signs of a suspicious email

The last step is the most important. As this is an active attack, variants of the original virus are already circulating to thwart countermeasures already in place. It is imperative that your end user community be ever vigilant in inspecting what they are receiving in email and proceeding with caution.

For more information on this particular ransomware attack visit https://www.us-cert.gov/ncas/current-activity/2017/06/27/Multiple-Petya-Ransomware-Infections-Reported 

To stay up to date on the latest news about network security and vulnerabilities subscribe to Tech Talk today.

network assessment for business

about the author

Kevin Davis

Kevin Davis is currently the Vice President of Service and Support for SymQuest, and is based in the South Burlington, VT and West Lebanon, NH office locations. Davis is responsible for the network and client support teams at SymQuest. Davis started with SymQuest in April of 2007 as an Incident Response Engineer. His love for customer service and technology quickly led him through various engineering positions where his passion for process improvement and motivating team members advanced him to management positions with increasing responsibilities leading to his present role as Vice President of Service and Support. Kevin holds many industry IT certifications and was a member of True Profits Group.

Kevin Davis