1 min read

What you need to know about Petya / Not Petya Malware

Chris Bedel : Jun 28, 2017

Category One

You've probably heard about the the latest outbreak of the 'Petya' ransomware. Like WannaCry, this is a worm-enabled ransomware, so it can spread across your network to infect other machines. It sounds like 'Petya' not only encrypts files, but also uses mimikatz to steal administrative credentials as well.

Links are below to more information, but here are the quick hitters:

  1. Make sure all your systems have the MS17-010 patch applied. (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx)
  2. Disable SMBv1 where possible
  3. Block outside access (firewall) to the following ports: 137, 138, 139 and 445
  4. Remove administrative access where not needed (like 99% of your users on their workstations)
  5. Have good, offline backups
  6. Train users to not folllow links or open attachments in emails they are not suspecting or look suspicious 

Krebs: https://krebsonsecurity.com/2017/06/petya-ransomware-outbreak-goes-global/
The Register: https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/
Introducing Our Newest Cybersecurity Expert, Brian Petzold!

Introducing Our Newest Cybersecurity Expert, Brian Petzold!

Chris Bedel : Feb 26, 2018

Featured
Read More
Equifax Deserves the Corporate Death Penalty

Equifax Deserves the Corporate Death Penalty

contributor : Oct 23, 2017

Interesting perspective from Ron Fein over at Wired. If this happens, what is the precedent for other industries like healthcare or banking? Are you...

Category One
Read More

NIST’s new password rules – what you need to know

contributor : May 29, 2017

One of the biggest changes proposed by the new NIST Digital Identity Guidelines is getting rid of mandatory password changes. This would mean no...

Category One
Read More