Petya Ransomware Spreading via EternalBlue Exploit
Updated: Sep 11, 2018
A new strain of ransomware is making its way across the globe at lightning speed. The ransomware, dubbed "Petya", spreads through a Microsoft Windows vulnerability that Microsoft patched in March 2017. The WannaCry ransomware targeted the same vulnerability in May 2017.
Most of the infections are happening in Europe, but reports are coming in that some US companies with European offices have been hit too. US law firm DLA Piper went old school, notifying its Washington DC office about the attack by posting a whiteboard message.
Petya is the Russian word for the name Peter; however, the origins of the ransomware are not currently known.
What does Petya do?
Petya uses EternalBlue, an exploit generally believed to have been developed by the U.S. National Security Agency (NSA). It systematically encrypts your files and demands a payment of at least $300 worth of bitcoin for the key to unlock them.
How to protect against Petya
A few things you can do to help protect yourself from Petya, or any other malware or ransomware:
Deploy the latest Microsoft patches, including MS17-010 which patches the SMB vulnerability
Consider disabling SMBv1 to prevent spreading of malware
Remain vigilant when opening attachments or clicking on links from senders you do not know
Ensure you have the latest updates installed for your anti-virus software; vendors are releasing updates to cover this exploit as samples are being analysed
Ensure you have backup copies of your files stored on local disks. Use a cloud backup service like RMKCync
Use a user account that does not have administrative access
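
For the "Consider disabling SMBv1" step above, the following PowerShell is an added example, not part of the original article. It reports whether SMBv1 is still active on a host and turns it off only when asked. The function name Test-Smb1Exposure and its -Disable switch are illustrative, and it assumes Windows 8 / Server 2012 or later and an elevated prompt.

```powershell
# Added example: audit SMBv1 on the local host and optionally disable it.
# Test-Smb1Exposure and -Disable are illustrative names, not a built-in cmdlet.
function Test-Smb1Exposure {
    param([switch]$Disable)

    # Server side: does this host still accept inbound SMBv1 connections?
    $server = (Get-SmbServerConfiguration).EnableSMB1Protocol

    # Optional feature: is the SMBv1 component installed and enabled?
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue

    # Client side: the mrxsmb10 driver handles outbound SMBv1.
    # Start = 4 means the driver is disabled; the key is absent if SMBv1 was removed.
    $client = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10' `
        -Name Start -ErrorAction SilentlyContinue

    # State as found, before any change is made.
    $report = [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        ServerSmb1Enabled = $server
        FeatureState      = if ($feature) { "$($feature.State)" } else { 'Unknown' }
        ClientDriverStart = if ($client) { $client.Start } else { 'NotPresent' }
    }

    if ($Disable) {
        if ($server) {
            # Stop the SMB server from negotiating SMBv1.
            Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        }
        if ($feature -and $feature.State -eq 'Enabled') {
            # Remove the SMBv1 component (client and server); needs a restart.
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
                -NoRestart | Out-Null
        }
    }

    $report
}

# Audit only; add -Disable to turn SMBv1 off.
Test-Smb1Exposure
```

Before running with -Disable, check for older devices such as printers or NAS units that only speak SMBv1, and plan a restart for the feature removal to take effect.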