New Ransomware Attack And How To Protect Yourself Against It

Related to a previous article published on our blog: Ransomware Part 1

Back in March of 2017, WannaCry was identified as a ransomware attack that took advantage of gaps in programming to infect machines with a virus that would lock your files until you paid for them. The fix for that problem was through a simple patch that was released much earlier prior to the attack. All the infected machines were a victim of not being up to date on patches. The same can be said for this new threat.

On June 27, 2017 there were reports of a new ransomware dubbed “Petya” spreading across Europe. The first infections had started showing up in Ukraine with about 12,500 machines being infected. This new threat is different than WannaCry because it has worm capabilities, which allows it to move laterally across infected networks. However, it still uses the same SMBv1 vulnerabilities that WannaCry first exploited.

How To Prevent It

This new ransomware takes advantage of the same vulnerabilities that WannaCry exploited, as in machines still using SMBv1 without the patch given back in March under MS17-010. The same patch you had to install to prevent the spread of WannaCry.
If you unable to patch your systems in time, another way to prevent the spread of this attack is to disable SMBv1 as a workaround, you can do so by following the instructions given here.
Since Petya needs to steal credentials from an infected machine to get access to admin share files, assign rights to everyone using least privilege to reduce the chance of the malware getting the credentials it requires.

Additionally, it is important to use an endpoint firewall to block workstation to workstation communication and prevent the spread across computers. Combining this with least privilege and proper account segregation for your IT staff and you'll be well on your way to a more secure environment. Lastly, accounts with server/domain admin rights shouldn’t ever be used on workstations.

To learn more about what the comprehensive network security offerings through Vodigy please contact us.


Popular posts from this blog

8 Ways Managed IT Services Can Benefit Small Businesses

3 Ways Managed IT Services Make The Workday Go Smoothly

How Intrusion Prevention Systems Sniff out Sneaky Cyber Attacks