1 min read

What you need to know about Petya / Not Petya Malware

Chris Bedel : Jun 28, 2017

Category One

You've probably heard about the the latest outbreak of the 'Petya' ransomware. Like WannaCry, this is a worm-enabled ransomware, so it can spread across your network to infect other machines. It sounds like 'Petya' not only encrypts files, but also uses mimikatz to steal administrative credentials as well.

Links are below to more information, but here are the quick hitters:

  1. Make sure all your systems have the MS17-010 patch applied. (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx)
  2. Disable SMBv1 where possible
  3. Block outside access (firewall) to the following ports: 137, 138, 139 and 445
  4. Remove administrative access where not needed (like 99% of your users on their workstations)
  5. Have good, offline backups
  6. Train users to not folllow links or open attachments in emails they are not suspecting or look suspicious 

Krebs: https://krebsonsecurity.com/2017/06/petya-ransomware-outbreak-goes-global/
The Register: https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/

Patch your Microsoft Systems now to Protect Yourself from WannaCry Ransomware

Chris Bedel : May 15, 2017

The WannaCry ransomware is bad news. It is known to spread like a worm over the LAN once a machine is infected. Microsoft is urging everyone to...

Category One
Read More
Introducing Our Newest Cybersecurity Expert, Brian Petzold!

Introducing Our Newest Cybersecurity Expert, Brian Petzold!

Chris Bedel : Feb 26, 2018

Featured
Read More
Equifax Deserves the Corporate Death Penalty

Equifax Deserves the Corporate Death Penalty

contributor : Oct 23, 2017

Interesting perspective from Ron Fein over at Wired. If this happens, what is the precedent for other industries like healthcare or banking? Are you...

Category One
Read More