New Petya Ransomware similar to WannaCry


The problems with Ransomware attacks continue. Be extremely cautious of emails from unknown senders or even emails from known sources that appear unusual or have unrecognized links.  Here's an up-to-date summary of what's known about these exploits and how to protect your systems.

A new ransomware attack called Petya, PetyaWrap, or GoldenEye began spreading worldwide on June 27th, and it looks similar to the WannaCry outbreak in May. It targets Microsoft Windows operating systems and so far reports show that all systems from XP to Windows 10 are susceptible.

Petya looks to be more sophisticated than WannaCry and doesn't have the same flaws that allowed a "killswitch" to slow down WannaCry's progress. This means Petya may be a more virulent attack and harder to slow down and stop, although experts are saying they hope the patching of the known exploits it uses after the WannaCry outbreak may limit its impact.

Petya delivers two nasty payloads: Ransomware which targets a computer's entire file system and an Information Stealer which extracts usernames and passwords from other machines in the network.

So far, this outbreak takes advantage of the same EternalBlue exploit as last month's WannaCry attack. It also targets another exploit called EternalRomance. Both of these exploits were patched by Microsoft in March. There may also be infection methods that work by using other vulnerabilities and tools, and Petya can spread to machines that are already patched against the EternalBlue and EternalRomance exploits.

Are you protected? What should you do next?
The Computing Center's clients using Sophos, Mimecast and other fully integrated security systems should have the most up-to-date security databases automatically installed.  If you would like us to help you ensure that your systems and all machines on your network are patched and protected, please contact us.  

Make sure your backups are complete and verify that they can be restored.  In one case a few months ago, we were able to do a full systems restore to circumvent a ransomware attack.

Worried you are infected?
If you believe you have been infected by the Petya outbreak or any other strain of ransomware, STOP! DON'T DO ANYTHING! It's very easy to accidently make things much worse.  Disconnect the computer from your network and contact us immediately at 607-257-3524 so we can help you.

There is a lot of information on the Internet regarding Petya and securing your systems. Some of it is good - other information is contrary and frankly inaccurate. 


Comments (Comment Moderation is enabled. Your comment will not appear until approved.)
Comments are not allowed for this entry.