Just after the storm of WannaCry subsided, another round of ransomware cycles through global networks. Here is what you need to know about our latest threat:
- Petya has been a threat since 2016. There are also new strains built from Petya. The current threat mimics the Petya technology, and is often referred to as “NotPetya.”
- Mainstream antivirus products can detect and block Petya-like attacks, if your product is up to date.
- Petya has historically entered machines through copycat emails: messages that appear to be from Dropbox, FedEx, etc.
- Petya can use “EternalBlue” to spread. This is a vulnerability that most mainstream products protect against, and that Windows has released a patch to address. It can also spread by acquiring the usernames and passwords of other network users and moving across network shares. The most recent attacks affecting Ukraine have also used a specific accounting software to spread to company servers.
The bottom line: install a security product and keep it updated. Keep your devices patched and updated. Make sure you back up important files, and check the status of your backup when you receive your reports. (Was your nightly backup successful? Does the backup set include the correct files?) And last but not least, be a savvy email user. Hover over links before clicking to see if they link to a .exe file or other unexpected file extension. Consider whether someone would really be sending you a link to a Dropbox file, etc.
If you think your machine is infected, contact ITS as soon as possible to limit spread to your server or other networked machines. Learn more about Petya/NotPetya from AVG.