What You Need To Know About Petya Ransomware
- Register for webcast – http://info.zscaler.com/Petya-
- Read our blog – https://www.zscaler.com/blogs/
- One of the delivery methods appears to be related to an infected version of a software update from the Ukrainian company MeDoc
- The ransomware payload uses the Windows Management Instrumentation Command-line (WMIC) interface and the EternalBlue exploit to propagate laterally over SMB
- After a device is exploited, the malware encrypts the Master Boot Record and holds the machine for ransom after reboot
As we recommended after the WannaCry outbreak, the key to preventing the virus from spreading is proper patching and control of SMB file sharing on your network. Please register for the webcast now and continue to check our blog for ongoing updates.
Zscaler ThreatlabZ Team
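
One way to watch for the lateral propagation over SMB described above, as an added example that is not Zscaler's code: a sliding-window count of the distinct internal hosts each source contacts on TCP 445. The flow-record format, the `smb_fanout` name, the 60-second window and the threshold of 5 are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Constructed flow records (not real telemetry): "ISO-time src dst dst_port"
SAMPLE_FLOWS = (
    # one host sweeping six neighbours on 445 within ten seconds
    [f"2024-01-01T10:00:{2*i:02d} 10.0.0.5 10.0.0.{20+i} 445" for i in range(6)]
    # a normal client talking repeatedly to one file server
    + [f"2024-01-01T10:00:{10*i:02d} 10.0.0.8 10.0.0.2 445" for i in range(5)]
    # five distinct peers, but three minutes apart
    + [f"2024-01-01T10:{3*i:02d}:00 10.0.0.9 10.0.0.{30+i} 445" for i in range(5)]
    # not SMB, must be ignored
    + ["2024-01-01T10:00:03 10.0.0.5 10.0.0.40 443"]
)

def smb_fanout(lines, window=timedelta(seconds=60), threshold=5):
    """Map each source that reached `threshold` distinct internal TCP/445
    peers inside one sliding window to the highest peer count seen."""
    recent = defaultdict(deque)          # src -> (time, dst) pairs still in window
    alerts = {}
    for line in sorted(lines):           # ISO timestamps sort chronologically
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, port = parts
        try:
            now = datetime.fromisoformat(ts)
            internal = ip_address(dst).is_private
        except ValueError:               # malformed timestamp or address
            continue
        if port != "445" or not internal:
            continue
        q = recent[src]
        q.append((now, dst))
        while now - q[0][0] > window:    # evict flows older than the window
            q.popleft()
        peers = len({d for _, d in q})
        if peers >= threshold:
            alerts[src] = max(alerts.get(src, 0), peers)
    return alerts

if __name__ == "__main__":
    for src, peers in smb_fanout(SAMPLE_FLOWS).items():
        print(f"{src}: {peers} distinct internal SMB peers within 60s")
```

Workstations rarely need to reach many peers on port 445, so the threshold should be tuned against normal traffic, with file servers and management hosts excluded.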