• RMK Consulting Staff

Petya Ransomware Spreading via EternalBlue Exploit

Updated: Sep 11, 2018


A new strain of ransomware is making its way across the globe at lightning speed. The ransomware, dubbed "Petya", spreads through a Microsoft Windows vulnerability that Microsoft patched back in March of 2017. This vulnerability was also targeted by the WannaCry ransomware back in May 2017.


Most of the infections are happening in Europe, but reports are coming in that some US companies with European offices have been hit too. US law firm DLA Piper went old school, notifying its Washington DC office about the attack by posting a whiteboard message.


Petya is the Russian word for the name Peter; however, the origins of the ransomware are not currently known.


What does Petya do?

Petya spreads using EternalBlue, an exploit generally believed to have been developed by the U.S. National Security Agency (NSA). It systematically encrypts your files and demands a payment of at least $300 worth of bitcoin for the key to unlock them.


Russian security group GIB reports that Petya may also use LSADump to capture administrator passwords and can infect entire networks, even if the systems have been patched.






How to protect against Petya

A few things you can do to help protect yourself from Petya, or any other malware or ransomware:

  • Deploy the latest Microsoft patches, including MS17-010 which patches the SMB vulnerability

  • Consider disabling SMBv1 to prevent spreading of malware

  • Remain vigilant when opening attachments or clicking on links from senders you do not know

  • Ensure you have the latest updates installed for your anti-virus software; vendors are releasing updates to cover this exploit as samples are analysed

  • Ensure you have backup copies of your files stored on local disks. Use a cloud backup service like RMKCync

  • Use a user account that does not have administrative access
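
For the SMBv1 item above, the following PowerShell script is an added example (not part of the original post) that reports whether SMBv1 is still enabled on a Windows machine and, when run with the example's own `-Remediate` switch, turns it off. It assumes PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example: audit SMBv1 on the local host and optionally disable it.
# -Remediate is a switch defined by this example, not a built-in option.
param([switch]$Remediate)

$report = [ordered]@{}

# SMBv1 server side. The Smb* cmdlets exist on Windows 8 / Server 2012 and later.
if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
    $report.ServerSMB1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
    if ($Remediate -and $report.ServerSMB1Enabled) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
} else {
    # Older systems (Windows 7 / Server 2008 R2) use a registry value.
    # A missing value means SMBv1 is enabled, which is the default.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    $report.ServerSMB1Enabled = ($null -eq $val -or $val -ne 0)
    if ($Remediate -and $report.ServerSMB1Enabled) {
        # Takes effect after a reboot.
        Set-ItemProperty -Path $key -Name SMB1 -Type DWord -Value 0
    }
}

# SMBv1 optional feature on newer Windows releases (removes the binaries entirely).
if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue
    if ($feature) {
        $report.SMB1FeatureState = $feature.State
        if ($Remediate -and $feature.State -eq 'Enabled') {
            # -NoRestart defers the reboot; the change completes on next restart.
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart |
                Out-Null
        }
    }
}

# SMBv1 client driver: a StartMode of 'Disabled' means the client side is off.
$drv = Get-CimInstance Win32_SystemDriver -Filter "Name='mrxsmb10'" `
    -ErrorAction SilentlyContinue
$report.ClientDriverStartMode = if ($drv) { $drv.StartMode } else { 'NotInstalled' }

# Values shown are the state found before any remediation in this run.
[pscustomobject]$report | Format-List
```

Run it once without the switch to see the current state, and check for legacy devices that still require SMBv1 before remediating.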
