Petya ransomware? What you need to know

What You Need To Know About Petya Ransomware

As many companies regained their footing after last month’s devastating WannaCry outbreak, we saw another ransomware attack yesterday, which, has so far, impacted organizations in more than 65 countries.
The ThreatLabZ team detects suspicious code and patterns by analyzing 35 billion transactions a day in the Zscaler cloud security platform. We will share what we are seeing so far and what you can do to protect yourself. Join us for webcast tomorrow and visit our blog to get real-time updates and answer any questions you may have.
What we have seen
While this outbreak may or may not be related to the Peyta ransomware strain, our analysis has revealed some key facts:
  • One of the delivery methods looks to be related to an infected version of a software update from the Ukrainian company MeDoc
  • The ransomware payload uses the Windows Management Instrumentation Command-line (WMIC) interface and EternalBlue exploit to propagate laterally over SMB
  • After a device is exploited, the malware encrypts the Master Boot Record, which then holds the machine for ransom after reboot
Zscaler recommendations and upcoming webcast

As we recommended after the WannaCry outbreak, the key to preventing the virus from spreading is proper patching and control of SMB file sharing on your network. Please register for the webcast now and continue to check our blog for ongoing updates.

Best Regards,
Zscaler ThreatlabZ Team

Related Posts

Leave a Reply

About Us

"AGT" offers complete end-to-end security protection through technology tools, cybersecurity strategy, consulting, and project management services. From addressing specific security gaps to a full environment cybersecurity strategy. With services designed to improve any organization’s overall organizational security posture, AGT develops strategies to implement and deploy successful cybersecurity solutions to protect companies from data and financial loss.