PETYA Ransomware – Security Bulletin

Petya – Security Update

Following on from the recent WannaCry ransomware threat that has swept the globe in the past month, another ransomware threat has escalated globally overnight, including reports of Australian companies being affected.

How The Petya Threat Works

Similarly to the WannaCry outbreak, Petya is generally distributed via URL links emailed to users, with a file being downloaded when the link is opened. It spreads within a network in a similar way to WannaCry, utilising the same Microsoft vulnerability – MS17-010.
However, Petya operates differently to WannaCry by encrypting the Master Boot Record of a system. This effectively destroys the index of files held on a computer, rendering the PC or server inoperable after a reboot, with no access to the files held locally.

Preventative Steps?

The response to the Petya threat is the same as the previous WannaCry threat.
The most time-critical action is patching. In response to WannaCry, Microsoft released a patch for systems including end-of-life operating systems such as Windows XP.
Apart from patching, user education is also very important, as the ransomware typically enters an organisation as a result of end-users clicking on links.
Other important things to have in place are current backups, and a response plan for ransomware attacks.

Over the past month we have been asked numerous questions about how users and businesses can protect themselves and their organisations. Essentially, these can be distilled into the following:

  • User Education – Ensure that your users are educated when it comes to Cyber Security;
  • Windows and Application Patching – This is an essential step, ensuring that any known vulnerabilities in software are removed, reducing the attack surface;
  • Deploy a good AV and Anti-ransomware solution into your environment – Again, an essential step in protecting your computers and hand-held devices;
  • Employ a multi-layered security approach, combining multiple layers of protection and detection across your environment: Firewalls and Email Security Gateways at the perimeter, monitoring and detection across your network and, where applicable, segmentation based upon workload and asset risks;
  • Ensure your DR, Backup and Recovery solutions and procedures are in place and working.

We are able to supply any number of the above components to your business; however, there is no one-size-fits-all approach. If you would like to discuss any facet of your organisation’s Security posture, please don’t hesitate to get in touch.

For customers that have our Managed Cloud Services, we employ a number of components to ensure that the risks associated with Ransomware outbreaks such as WannaCry and Petya are mitigated and substantially addressed. These include:

  • Server Anti-virus and Anti-Cryptor technologies installed on all Servers;
  • Patching of all Servers (ensuring all known vulnerabilities are addressed);
  • Security and Threat Management solutions – constantly monitoring traffic in and out of and across our networks;
  • Perimeter solutions by way of Next Gen Firewall solutions;
  • DDOS Protection; and importantly
  • Backups.

Not only are these solutions deployed by default, but they are monitored, managed and maintained by the Secure-ISS team to ensure their ongoing effectiveness and reliability.

In addition to the above solutions, we also offer Email Security Gateway options (to protect inbound emails from SPAM and malicious content), Web Solutions to protect your website from defacement and DDOS attack, and other solutions to protect your organisation from internal attacks and misuse of information.

If you have any questions about this particular ransomware variant, our security solutions or your Cyber Security strategy, Grant or Richard would be happy to have a confidential conversation and can be contacted on 1300 769 460 or via email at sales@secure-iss.com.

Yours sincerely,

The Secure-ISS Team
Secure Internet Storage Solutions