Petya: Avoid the big Headline. Then stop chasing them.

Jun 28, 2017 | Security-GRC | 0 comments

Malware Petya has grabbed the big headlines this time.

It’s frustrating because Petya is sweeping the world using the same exploit and vulnerability that were used by the WannaCry outbreak last month.

These headlines grab the attention of the news and C-level execs, but there are threats out there that hit companies every single day. When your business is the one impacted, it’s a headline for you if not the whole world. It’s a matter of time before you’re hit hard. Are you ready for it?

When you get the anxious message from the executive team, wouldn’t it feel great to be able to answer confidently that you have proactively taken care of it already?

If not, here are three things to think about: Preparation. Circumvention. Remediation.

Preparation

Although Petya is using the same exploit as last month’s outbreak, it is back with a vengeance.

This time, the ransomware is more powerful, proficient, and dangerous than ever. This ransomware uses an MBR (Master Boot Record) locker, which prevents the computer from booting normally. The attack can spread rapidly, infecting multiple systems within your organization. It does not have a kill switch like WanaCrypt0r, so there’s no simple end to the outbreak, which should give you even more ammunition when it comes to preparation.

Unlike WannaCry, the variety of delivery options Petya offers means no single patch can provide complete protection against it. Still, administrators can take some steps to protect their systems. Although patching is not a 100% guarantee, patches are still crucial if you want any hope of a real defense.

Circumvention

Avoid. Avoid. Avoid. If you can.

Choosing, deploying and updating the right security software with anti-ransomware capabilities is an absolute must. If you have no anti-ransomware you are truly asking for it.

Updating and securing the operating systems on your network, including checking for any open SMB ports on Internet-facing systems, is also critical. But don’t stop there: IT pros should block user accounts from having admin privileges, reducing the chance that a single compromised account spreads the outbreak.

If all else fails, take 10 steps back and start with the basics. Do you have a security strategy? Threat education throughout the enterprise?

Remediation

If you or your company has been infected, there’s a slim chance you will recover your system unless you pay the ransom. And that brings its own set of risks, and does not guarantee recovery.

The bright side? Researchers have discovered a possible “vaccine” for Petya ransomware. You can simply create a file called perfc in the C:\Windows folder and make it read-only.
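One way to check for and apply that vaccine on a single host, and at the same time see whether SMBv1 is enabled and port 445 is listening there (the open-SMB check mentioned under Circumvention), as an added example that is not part of the original post. It assumes an elevated prompt on Windows 8 / Server 2012 or later, where the Get-SmbServerConfiguration and Get-NetTCPConnection cmdlets exist:

```powershell
# Added example, not from the original post. Audits and applies the perfc
# "vaccine" described above and reports local SMB exposure on this host.
$VaccinePath = Join-Path $env:SystemRoot 'perfc'   # C:\Windows\perfc, as the post states

function Test-PerfcVaccine {
    # True only if the file exists AND is marked read-only (both conditions matter).
    if (-not (Test-Path -LiteralPath $VaccinePath -PathType Leaf)) { return $false }
    return (Get-Item -LiteralPath $VaccinePath -Force).IsReadOnly
}

function Set-PerfcVaccine {
    # Create an empty perfc file if it is missing, then set the read-only attribute.
    if (-not (Test-Path -LiteralPath $VaccinePath -PathType Leaf)) {
        New-Item -Path $VaccinePath -ItemType File -Force | Out-Null
    }
    $file = Get-Item -LiteralPath $VaccinePath -Force
    $file.IsReadOnly = $true
    return (Test-PerfcVaccine)
}

function Get-SmbExposure {
    # Host-level view only: whether SMBv1 is still enabled and whether anything
    # listens on TCP 445. Port 445 listening is normal on Windows; whether it is
    # reachable from the Internet must be checked at the firewall/perimeter.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    $listen = @(Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        SMB1Enabled     = $smb1
        Port445Listen   = ($listen.Count -gt 0)
        ListenAddresses = (($listen | ForEach-Object LocalAddress | Sort-Object -Unique) -join ', ')
    }
}

$before = Test-PerfcVaccine
$after  = Set-PerfcVaccine
Write-Host ("perfc vaccine present and read-only: before={0} after={1}" -f $before, $after)
Get-SmbExposure | Format-List
```

The vaccine file is a stopgap for this one strain; patching and disabling SMBv1 where it is not needed remain the durable fix.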

The best method for remediation? Don’t become a headline. Ask for help. We’re experts in Security, vulnerability management, remediation, prevention and managed IT services.

Here’s how we’ve been able to help our clients:

Managed IT Services – ASMGi can do the critical patch updates for you, as well as any other IT necessities that you and your team may not have time to get to.

Managed Security Services – We’re there for you whether you need help getting a plan together or need help remediating a problem. It’s kind of our M.O.

The right tools for YOUR company – We’re platform neutral but we’ve partnered with the leaders in the security space in order to protect the companies we work with the best that we know how.

Give us a call (216-255-3040) or e-mail; we’d be happy to share our expertise.
