“Cyber Intelligence sources indicate a large ransomware outbreak named Petya began yesterday with a heavy initial footprint in the Ukraine. There are confirmed infections across the globe with the predominant numbers in Ukraine and Russia. It is important to note while this event is not identical to past WannaCry events, it is operating in a similar fashion—mainly an existing ransomware tool has been updated with a new infection capability and this enables it to propagate very quickly and potentially produce large impacts. We believe the things which led to effective WannaCry response/remediation are highly applicable to today’s activities.
NetWolves recommends the following actions to help secure organizations from this activity:
- Ensure Windows systems are patched (MS17-010) disabling SMBv1
- All antivirus is up to date.
- Determine and confirm backup systems are effectively configured.
- Isolate any unpatched systems to prevent lateral movement of Petya.
- Verify effective monitoring of all critical systems and networks.
- Create or maintain regular reviews of privileged credential protection to prevent further access via legitimate tools across a network.
- Review incident response and contingency plans.
- Microsoft technical announcement: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
Remember: never open an attachment or link from an unknown or suspicious source. It may infect your computer with malware or steal information.”
Forwarded by your ZLH Enterprises Team
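
A read-only check for the SMBv1 item in the list above, added here as an example and not part of the NetWolves advisory. It assumes an elevated PowerShell prompt on the Windows host being audited; the function name `Get-Smb1Status` is hypothetical, and the script does not verify that the MS17-010 update itself is installed.

```powershell
# Added example: report whether SMBv1 is still enabled on this host.
# Read-only; it changes no settings. Run from an elevated prompt.
function Get-Smb1Status {
    $r = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        ServerSmb1   = 'Unknown'
        ClientSmb1   = 'Unknown'
        Feature      = 'Unknown'
    }

    # Server side. Windows 8 / Server 2012 and later expose this cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $cfg = Get-SmbServerConfiguration
        $r.ServerSmb1 = if ($cfg.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
    } else {
        # Older systems: SMB1 = 0 means disabled; a missing value means enabled.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $p = Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue
        $r.ServerSmb1 = if ($p -and $p.SMB1 -eq 0) { 'Disabled' } else { 'Enabled' }
    }

    # Client side: the mrxsmb10 driver with Start = 4 is disabled.
    $drvKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'
    $drv = Get-ItemProperty -Path $drvKey -Name Start -ErrorAction SilentlyContinue
    if ($null -eq $drv) {
        $r.ClientSmb1 = 'NotInstalled'
    } elseif ($drv.Start -eq 4) {
        $r.ClientSmb1 = 'Disabled'
    } else {
        $r.ClientSmb1 = 'Enabled'
    }

    # Optional-feature state, where the DISM cmdlet and feature name exist.
    try {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        $r.Feature = [string]$f.State
    } catch {
        $r.Feature = 'NotAvailable'
    }

    # Flag the host if either the server or the client side still speaks SMBv1.
    $r.NeedsAction = ($r.ServerSmb1 -eq 'Enabled') -or ($r.ClientSmb1 -eq 'Enabled')
    [pscustomobject]$r
}

Get-Smb1Status | Format-List
```

Hosts that report `NeedsAction : True` are candidates for the isolation step in the list until SMBv1 is turned off and the update is confirmed.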