Petya Cyber Attack
Background:
News reports continue to roll in about the latest massive global ransomware attack. This time, the payload appears to be a ransomware called Petya 2.0. SonicWall Capture Labs identified the original Petya variants in 2016. However, this time it appears to be delivered by Eternal Blue, one of the exploits that was leaked from the NSA back in April. This is the same exploit that was used in the WannaCry attack. Infected systems will initially display a flashing skull, followed by a lock screen:
What you should know:
As of June 27, a high number of Petya ransomware attacks have been tracked by the SonicWall Capture Labs. The good news for our clients that are using the SonicWall security services is that we have had signatures for certain variants of Petya since March 2016. Then, in April 2017 Capture Labs analyzed and released protection for the Eternal Blue exploit that Shadow Brokers leaked from the NSA. Also, on June 27, the Capture Labs Threat Research Team issued a new alert with multiple signatures protecting customers from the new Petya Ransomware Family.
What you should do:
- Make sure your Sonicwall/Security Subscriptions are up to date (Windward has contacted all who have subscriptions lapsing in the near future).
- Deploy the latest Microsoft patches, including MS17-010 which patches the SMB vulnerability (Windward has ran scans to verify all computers monitored by us have been updated).-
- Windward Strongly recommends that you do not reply or click links in unsolicited emails or emails from unverified sources.
The Importance of Firewalls
Background:
Recent Ransomware outbreaks have illustrated their huge potential to damage business’ networks, intellectual property and sensitive data. By making sure you are up to date with the latest security technology and information; you can save you and your company from these types of threats which can cripple your networks.
What you should know:
- SonicWall Products keep your network safe against these attacks: zero-day attacks, viruses, intrusions, spyware, Trojans, worms, and other attacks.
- It will examine suspicious attacks at the gateway in a cloud-based multi-layered sandbox for inspection to keep your networks safe.
- As soon as new threats are identified, (often before software vendors can patch their software) SonicWall firewalls are automatically updated with signatures that protect against these threats.
What you should do:
- Again, keeping your subscriptions up to date with SonicWall will provide you the edge to protect your systems.
- Ensure your email security subscriptions (Office 365) are active and up to date since attacks like this often come into organizations via Email.
- If you suspect a malware intrusion, shut down your machine and call a Windward technician to prevent it from spreading.
- Make Sure your network backups are up-to-date and are tested regularly.
*If you receive anything suspicious please contact one of the members from the Windward team*