PLEASE READ – ‘Petya’ Ransomware Guidance - Complete IT

by | Jun 28, 2017 | Archived Articles

You will no doubt have seen on the news another large-scale cyber attack using Ransomware to encrypt computers and data. This latest attack is a variant of the well-publicised WannaCry outbreak which affected the NHS in May. Many organisations both in the UK and across the globe have been affected. Once again, this will no doubt lead you to have concerns around the security of your own IT systems. As an IT support company, we wanted to try and provide you with the information you need to keep your business fully protected.

What Happened?

On Tuesday, a piece of Malware (known as Petya or Petrwrap), which infects PCs and Servers by locking (or encrypting) the data stored on them, was released across the internet. This Malware looks for specific exploits or holes in Windows Operating Systems. Once the malware has infected a machine, the data on it is locked, and the only way to unlock it is to pay a ransom fee to the criminals or to restore from a backup. The Ransomware in this particular case was a variant of Cryptolocker called ‘Petya’ or ‘Petrwrap’.

How did it get in?

This attack was very similar to the WannaCry outbreak that affected the NHS and used many of the same exploits to get in:

  • ‘Petya’ or ‘Petrwrap’ looks for an exploit in poorly patched Windows operating systems, exploiting something known as SMB
  • If a server or workstation does not have the latest patches then the machine can be compromised by ‘Petya’ or ‘Petrwrap’
  • Once one machine has been infected, the Malware has the ability to spread to other systems on the network

There are many ways that Malware can find its way into a network. These include:

  • An infected email attachment or link. Double clicking the attachment will infect the machine you are on with Ransomware, and clicking a link can have the same effect, so user education is vital to reduce the likelihood of this happening
  • A Brute Force attack. This is where a hacker will keep attempting (guessing) a username and password to gain access to IT systems, so a strong password policy is vital to stop these types of attacks
  • Visiting websites which have been infected with a Ransomware payload, which is then downloaded to your machine. A web-filtering type service is important to reduce this as the source of any infection

How do I protect against Ransomware?

There are really 2 ways to keep yourself safe, secure and protected from Ransomware:

  • The first is Good Security Hygiene
  • The second is educating your users to be vigilant and know what to look out for

Good Security Hygiene

Complete I.T. recommend that the following security is in place to help protect against Ransomware:

  1. Ensure your Antivirus software is up to date on all of your machines.
  2. Ensure that your machine has all of the latest Windows Updates installed. The one to protect against this particular Ransomware can be found here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
  3. Ensure that you have a ‘complex’ password in place (i.e. 10 characters with a mix of upper and lowercase letters and numbers)
  4. Ensure you have an account lockout policy in place (i.e. if you put the wrong password in 5 times or more, the account will be locked out)
  5. Ensure you have a good quality firewall in place and that it is running the latest version of its software
  6. Where possible remove administration rights from users. This will stop them running executable files such as Cryptolocker
  7. Use a website filtering product to protect against visiting and downloading viruses from the internet
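
As an added example (not part of the original article or a Complete I.T. tool), the PowerShell below checks a machine against items 3, 4 and 6 of the checklist by reading the output of `net accounts` and listing the local Administrators group. It assumes English-language Windows, the function names are hypothetical, and it checks password length only, since `net accounts` does not report the complexity setting.

```powershell
# Added example, not from the original article. Thresholds come from checklist items 3 and 4.

# Constructed sample of "net accounts" output, so the checks can be run offline.
$sample = @'
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              0
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        WORKSTATION
The command completed successfully.
'@ -split "`r?`n"

function ConvertFrom-NetAccounts {
    param([string[]]$Lines)
    $policy = @{}
    foreach ($line in $Lines) {
        # Settings print as "Label:   value"; the closing status line has no colon.
        if ($line -match '^(?<name>.+?):\s+(?<value>\S.*)$') {
            $policy[$Matches['name'].Trim()] = $Matches['value'].Trim()
        }
    }
    return $policy
}

function Test-AccountPolicy {
    param([hashtable]$Policy, [int]$MinLength = 10, [int]$MaxAttempts = 5)
    $findings = @()
    $length = 0; $threshold = 0
    [void][int]::TryParse([string]$Policy['Minimum password length'], [ref]$length)
    if ($length -lt $MinLength) {
        $findings += "Minimum password length is $length; checklist asks for $MinLength"
    }
    # "Never" (or 0) means accounts are never locked out, however many guesses fail.
    $numeric = [int]::TryParse([string]$Policy['Lockout threshold'], [ref]$threshold)
    if (-not $numeric -or $threshold -eq 0) {
        $findings += 'Account lockout is disabled'
    } elseif ($threshold -gt $MaxAttempts) {
        $findings += "Lockout after $threshold attempts; checklist asks for $MaxAttempts"
    }
    return $findings
}

Test-AccountPolicy (ConvertFrom-NetAccounts $sample)         # constructed sample
Test-AccountPolicy (ConvertFrom-NetAccounts (net accounts))  # this machine
Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass  # item 6
```

An empty result from `Test-AccountPolicy` means the length and lockout settings meet the checklist; any user accounts listed by the last command are candidates for having administration rights removed.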

User Education

The other part of protecting against Ransomware is to educate your users:

  • You need to educate your users not to open emails and attachments that don’t look genuine
  • You need to educate your users on being vigilant and keeping an eye out for suspicious activity

In the unfortunate event that you are hit by Ransomware, the likelihood is that you will need to recover your IT systems from backup. The most important thing to do if you think you have been affected by Petya is to make sure you do not reboot your machine without speaking to your IT support provider first, as once the machine is rebooted you will not be able to get back into the operating system. Ensuring that you have an effective Business Continuity or backup solution in place that works and is easily and quickly restorable is critical. Whilst this has always been important, the rise of Ransomware means that this is more important than ever.

Distribute this blog throughout your organisation to educate your team.

If you want to talk to us about your IT support then contact us!