The authors of this ransomware have learned from the past. The current outbreak of Petya spreads to unpatched systems via the same exploit as WannaCry, but it can also move laterally to patched systems on connected networks using the Windows Management Instrumentation Command-line (WMIC) and PsExec.
Petya encrypts the master boot record and the master file table on infected hosts. One of its unusual traits is that it works even when the host is offline: it does not need a live connection to a command-and-control server. It propagates by scanning TCP ports to identify and target machines that run unpatched versions of Server Message Block (SMB).
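The propagation behaviour described above (one host probing the SMB port on many neighbours) is visible in flow or firewall logs. The following is an added example, not code from the original post or from IBM: it flags any internal source that opens TCP port 445 (the SMB port) to at least five distinct hosts within a minute. The log format, field layout, threshold and window are assumptions, and the sample flow lines are constructed.

```python
"""Detect SMB port-sweep behaviour in connection logs.

Added example, not from the original post. A worm that scans for
unpatched SMB shows up as one source touching TCP/445 on many distinct
destinations in a short window. The log format, threshold and window
below are assumptions chosen for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow log: "<ISO time> <src> <dst> <dst_port> <proto>"
SAMPLE_FLOWS = """\
2017-06-27T10:00:01 10.0.1.20 10.0.1.21 445 tcp
2017-06-27T10:00:01 10.0.1.20 10.0.1.22 445 tcp
2017-06-27T10:00:02 10.0.1.20 10.0.1.23 445 tcp
2017-06-27T10:00:02 10.0.1.20 10.0.1.24 445 tcp
2017-06-27T10:00:03 10.0.1.20 10.0.1.25 445 tcp
2017-06-27T10:00:03 10.0.1.20 10.0.1.26 445 tcp
2017-06-27T10:00:05 10.0.1.50 10.0.1.5 445 tcp
2017-06-27T10:00:06 10.0.1.50 10.0.1.5 445 tcp
2017-06-27T10:00:07 10.0.1.51 10.0.1.8 443 tcp
2017-06-27T10:05:00 10.0.1.60 10.0.1.61 445 tcp
2017-06-27T10:12:00 10.0.1.60 10.0.1.62 445 tcp
"""

SMB_PORT = 445  # SMB over TCP


def parse_flows(text):
    """Parse the constructed flow format into (time, src, dst, port, proto) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, proto = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port), proto))
    return flows


def find_smb_sweeps(flows, min_targets=5, window=timedelta(seconds=60)):
    """Return {src: sorted(dst list)} for every source that reached TCP/445 on
    at least min_targets distinct hosts inside any window of the given length.
    Repeated connections to the same host (normal file-share use) do not count."""
    by_src = defaultdict(list)
    for ts, src, dst, port, proto in flows:
        if proto == "tcp" and port == SMB_PORT:
            by_src[src].append((ts, dst))

    sweeps = {}
    for src, events in by_src.items():
        events.sort()  # time-ordered so a sliding window is a simple slice
        for i, (t0, _) in enumerate(events):
            targets = {d for t, d in events[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                sweeps[src] = sorted(targets)
                break
    return sweeps


if __name__ == "__main__":
    for src, targets in find_smb_sweeps(parse_flows(SAMPLE_FLOWS)).items():
        print(f"possible SMB sweep from {src}: {len(targets)} hosts -> {targets}")
```

In the constructed sample only 10.0.1.20 trips the rule; 10.0.1.50 talks repeatedly to a single file server and 10.0.1.60 touches two hosts seven minutes apart, which is why the rule counts distinct destinations inside a time window rather than raw connection volume.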
What we know so far about Petya confirms that staying current with IT security is vital: you need to keep up with the latest patches and be alert to emerging threats. Patching every endpoint is complex, time-consuming and often costly, and it can be pushed aside by more pressing concerns. Unpatched systems will continue to be targeted, and keeping ahead of the cyber criminals is one task that no organization can afford to take lightly.
What you need to know…
Once on the system, Petya copies itself to the C:\Windows directory and drops a PE file at C:\Windows\dllhost.dat. The ransomware uses schtasks to create a scheduled task that reboots the system at a set time. Many companies will be tempted to pay the ransom to get their systems back online. You need to address network segmentation and backups so that in the future, if systems are locked up, they can be taken offline and restored quickly.
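The host-side indicators just described (a PE dropped at C:\Windows\dllhost.dat, schtasks scheduling a reboot, and remote execution through WMIC or PsExec) can be turned into simple triage rules over endpoint telemetry. The following is an added example, not code from the original post or from IBM: the event schema, rule names and sample events are constructed assumptions in the shape an EDR or Sysmon feed would provide.

```python
"""Triage endpoint events for the Petya host indicators named in the post.

Added example, not from the original post. Three rules mirror what the
post describes: dllhost.dat dropped in C:\\Windows, schtasks used to
schedule a reboot, and lateral movement via WMIC or PsExec. The event
schema and sample events below are constructed for the example.
"""
import re

# Constructed sample telemetry. "type" is file_create or proc_create.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "file_create", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\a\Documents\q2.xlsx", "cmd": ""},
    {"host": "ws01", "type": "file_create", "image": r"C:\Windows\System32\rundll32.exe",
     "target": r"C:\Windows\dllhost.dat", "cmd": ""},
    {"host": "ws01", "type": "proc_create", "image": r"C:\Windows\System32\schtasks.exe",
     "target": "", "cmd": r'schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 11:30'},
    {"host": "ws01", "type": "proc_create", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "target": "", "cmd": r'wmic /node:10.0.1.22 process call create "C:\Windows\dllhost.dat"'},
    # Benign scheduled task on another host: must not trip the reboot rule.
    {"host": "ws02", "type": "proc_create", "image": r"C:\Windows\System32\schtasks.exe",
     "target": "", "cmd": r'schtasks /Create /SC daily /TN Backup /TR "C:\Tools\backup.exe" /ST 02:00'},
    {"host": "ws03", "type": "proc_create", "image": r"C:\Temp\psexec.exe",
     "target": "", "cmd": r"psexec.exe \\10.0.1.23 -accepteula -s -d C:\Windows\dllhost.dat"},
]

# Rule definitions (assumed names, matching what the post describes).
DROPPED_PE = r"c:\windows\dllhost.dat"
SCHTASKS_REBOOT = re.compile(r"schtasks.*/create.*shutdown(\.exe)?\s+/r", re.I)
REMOTE_EXEC = re.compile(r"wmic\b.*/node:|psexec(\.exe)?\s+\\\\", re.I)


def classify(event):
    """Return the names of the rules a single event trips (possibly none)."""
    hits = []
    cmd = event.get("cmd", "")
    if event["type"] == "file_create" and event["target"].lower() == DROPPED_PE:
        hits.append("dropped_pe")
    if event["type"] == "proc_create":
        if SCHTASKS_REBOOT.search(cmd):
            hits.append("scheduled_reboot")
        if REMOTE_EXEC.search(cmd):
            hits.append("remote_exec")
    return hits


def triage(events):
    """Group rule hits per host. A host tripping several distinct rules is the
    strongest signal and the first candidate for isolation from the network."""
    by_host = {}
    for ev in events:
        for hit in classify(ev):
            by_host.setdefault(ev["host"], set()).add(hit)
    return {host: sorted(hits) for host, hits in by_host.items()}


if __name__ == "__main__":
    for host, hits in triage(SAMPLE_EVENTS).items():
        print(f"{host}: {', '.join(hits)}")
```

On the constructed sample, ws01 trips all three rules and should be isolated first; ws03 trips only the remote-execution rule, which on its own may be an administrator using PsExec legitimately, and ws02's nightly backup task is correctly ignored because the reboot rule keys on a scheduled shutdown rather than on schtasks itself.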
We recommend you:
- Ensure systems are patched and all antivirus programs are up to date.
- Determine whether backup systems are effectively configured.
- Restore only from secure backups.
- Isolate any unpatched systems to prevent lateral movement of Petya.
- Verify effective monitoring of all critical systems and networks.
Schedule a consultation to ensure you are protected.