INFORMATION ON THE PETYA RANSOMWARE
Earlier this week, Thirtyseven4 came across a new strain of the Petya ransomware that is affecting users globally. We have so far received reports of this ransomware attack from several countries.
The Petya ransomware was reportedly distributed through spam and phishing emails and through the Microsoft vulnerability addressed by MS17-010. After execution, the ransomware payload infects the Master Boot Record (MBR), replacing it with a custom boot loader whose code encrypts the full disk, starting with the Master File Table (MFT), and then leaves a ransom note.
The ransomware also schedules a shutdown task using Task Scheduler; after the reboot it displays a fake Check Disk (CHKDSK) screen and then demands a ransom.
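Because this strain replaces the MBR boot code with its own loader, one defensive check is to compare the boot-code region of sector 0 against a known-good baseline. The following is an added example, not code from Thirtyseven4 or from this advisory; the sample sectors it parses are constructed in the script, not real disk data.

```python
"""Added example: parse a 512-byte MBR and flag a replaced boot loader.
Layout assumed: 440 bytes boot code, 4-byte disk signature, 2 reserved
bytes, four 16-byte partition entries at offset 446, 0x55AA at 510."""
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 440
PART_TABLE_OFFSET = 446
BOOT_SIGNATURE = b"\x55\xAA"

def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, non-empty partition entries and signature validity."""
    if len(sector) != MBR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        # status(1) CHS(3) type(1) CHS(3) LBA start(4) sector count(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            parts.append({"bootable": status == 0x80, "type": ptype,
                          "lba_start": lba_start, "sectors": sectors})
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts,
            "signature_ok": sector[510:512] == BOOT_SIGNATURE}

def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the MBR matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline (possible bootloader replacement)")
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no bootable partition flagged")
    return findings

# Constructed sample sectors (hypothetical, not captured from a real disk):
# a baseline MBR with one bootable NTFS partition, and a copy whose boot
# code has been overwritten the way a custom loader would overwrite it.
def _build_mbr(boot_code: bytes) -> bytes:
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 2048, 204800)  # 0x07 = NTFS
    return (boot_code.ljust(BOOT_CODE_LEN, b"\0") + b"\0" * 6
            + entry + b"\0" * 48 + BOOT_SIGNATURE)

GOOD_MBR = _build_mbr(b"\xEB\x3C\x90ORIGINAL-BOOTCODE")
TAMPERED_MBR = _build_mbr(b"\xFA\x31\xC0REPLACED-LOADER")
BASELINE = parse_mbr(GOOD_MBR)["boot_code_sha256"]  # record this from a clean host
```

In practice the baseline hash is taken from a known-clean machine of the same build and the check is run against a copy of sector 0 read from the suspect disk.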
All Thirtyseven4 users are fully protected from the Petya ransomware family, as the Thirtyseven4 IDS/IPS module reliably blocks the infection attempt that exploits the EternalBlue vulnerability. Thirtyseven4's Behavior Based Detection (BDS) also proactively blocks the attack and warns users that one is under way. In addition, Thirtyseven4 already had generic detection for the Petya ransomware as "Ransom.Petya.A5".
(Thirtyseven4 Virus Protection)
(Thirtyseven4 Advanced Behavior Detection)
The Thirtyseven4 Virus Research Team is continuously monitoring the threat and is working on releasing updates that protect against it at multiple proactive layers. Please keep your Thirtyseven4 installation up to date with the regularly released updates.
Preventive steps and recommendations:
~ Avoid clicking on links in emails received from an unknown sender.
~ Apply all Microsoft Windows patches, including MS17-010, which fixes the EternalBlue vulnerability.
~ Make sure Thirtyseven4 auto update is ON and the product is updated to the latest definitions.
~ Back up your data to an external disk regularly.
~ Avoid logging into a computer with administrative privileges; work from a user account that has standard user privileges instead.