New Cyber Attack

6/27/2017

 

Petya Ransomware

A new strain of ransomware called Petya rampaged Europe this Tuesday, crippling banks and the electric grid in what cybersecurity experts refer to as one of the most “devastating digital intrusions of its time”. Reports claim Petya employs credential theft techniques to spread laterally through the network via stolen credentials.

The ransomware so far has been known to:

• Writes a message to the raw disk partition 

• Clear the windows event log using Wevtutil 

• Shut down the machine 

• Leverages PsExec to spread. PsExec is dropped as dllhost.dat 

• Encrypt files matching a list of file extensions for the purpose of extortion  


Based on this new strain of cybercrime, the MDS team urges the following actions be taken immediately: 

Apply patches to any systems still vulnerable to the previous ETERNALBLUE Exploit

• Update network security appliances to the latest versions

• Exercise caution opening all emails, and do not open attachments at this time

• Limit all web financial transactions

• Perform the most frequent computer backup, and keep a copy offline

• Limit your website usage (even on known sites)

As always, your friends at MDS are available 24x7 to provide continuous network vulnerability assessments to ensure your organization is as protected as possible against these increasingly common, debilitating attacks. 

Decrypt your files, request a free security assessment