On Tuesday, June 27, 2017 another massive ransomware attack, currently known as Petya or Petrwrap (also referenced as GoldenEye or Not Petya), was launched affecting computers worldwide.
Ransomware attacks typically rely on unsuspecting end users clicking on a link or an attachment which launches a program that encrypts (locks) all of the files a user has access to, including those on a corporate server. The user is then told to pay a ransom in the form of BitCoin to receive a key to unlock the files.
This particular ransomware attack exploits a vulnerability in Microsoft Operating Systems. Microsoft released a patch for this vulnerability in their MS17-010 security bulletin; however, many organizations neglect to apply patches or are still using older, unsupported, versions of Microsoft OS such as Windows XP.
For those organizations that are not covered under our SafetyNet Managed Services (Ultimate) program, here are some simple steps your business can take to protect against ransomware attacks:
- Apply this Microsoft security patch immediately
- Make sure you are using supported operating systems and applications
- Make sure you apply the latest patches as soon as they become available
- Make sure that all of your systems are protected by antivirus and anti-malware software, and ensure that the virus and malware signatures are updated automatically and consistently.
- Employ a “next generation” firewall with integrated threat detection
- Implement backup procedures that create more frequent “recovery points” to limit the amount of lost data if you need to recover your data from backups.
- Educate your end users to look for the tell-tale signs of a suspicious email
The last step is the most important. As this is an active attack, variants of the original virus are already circulating to thwart countermeasures already in place. It is imperative that your end user community be ever vigilant in inspecting what they are receiving in email and proceeding with caution.
For more information on this particular ransomware attack visit https://www.us-cert.gov/ncas/current-activity/2017/06/27/Multiple-Petya-Ransomware-Infections-Reported
To stay up to date on the latest news about network security and vulnerabilities subscribe to Tech Talk today.