Written by Josh Harriman and presented by Charles Leaver, Ziften CEO
Another outbreak, another nightmare for those who were not prepared. While this newest attack is similar to the earlier WannaCry threat, there are some differences in this malware, which is a variant or new strain similar to Petya. Dubbed NotPetya by some, this strain causes a great deal of trouble for anyone who encounters it. It may encrypt your data or render the system completely inoperable. And the e-mail address you would need to contact to 'perhaps' decrypt your files has now been taken down, so you are out of luck getting your files back.
A lot of information on the behaviour of this threat is publicly available, but I wanted to note that Ziften customers are protected both from the EternalBlue exploit, which is one mechanism used for its propagation, and, better still, by an inoculation based on a possible flaw, or what amounts to the malware's own debug check, that prevents the threat from ever running on your system. It may still spread through the environment, but our protection would already be rolled out to all existing systems to halt the damage.
Our Ziften extension platform enables our customers to have protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Beyond the specific actions taken against this particular variant, we have taken a holistic approach to stopping strains of malware that perform various 'checks' against the system before executing.
We can also use our Search capability to hunt for traces of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can look for those programs, their command lines, and their usage. Even though they are legitimate processes, their use is typically unusual and can be alerted on.
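The hunt described above, looking for WMIC and PsExec process executions and inspecting their command lines, can be expressed as a small rule set over process-creation events. The following is an added example, not Ziften code and not part of the original post: the pipe-delimited event layout (timestamp|host|user|parent_image|image|command_line), the sample events and the rule names are all constructed for illustration. It separates a local WMI query (ordinary admin activity, not flagged) from a WMIC invocation that targets a remote node and creates a process there, and it flags any PsExec launch together with the remote host named on its command line.

```python
"""Flag unusual WMIC and PsExec use in process-creation events.

Added example for illustration; not Ziften's code. The event format,
sample lines and rule names below are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample events (hypothetical pipe-delimited export):
#   timestamp|host|user|parent_image|image|command_line
SAMPLE_EVENTS = """\
2017-06-27T10:01:12Z|WS-01|CORP\\alice|explorer.exe|C:\\Windows\\System32\\notepad.exe|notepad.exe report.txt
2017-06-27T10:02:45Z|WS-01|NT AUTHORITY\\SYSTEM|rundll32.exe|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic.exe /node:"WS-02" /user:"CORP\\svc" process call create "<redacted>"
2017-06-27T10:05:00Z|WS-01|CORP\\alice|cmd.exe|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic os get caption
2017-06-27T10:06:30Z|SRV-01|CORP\\admin|cmd.exe|C:\\Tools\\PsExec.exe|psexec.exe \\\\SRV-02 -accepteula -s cmd.exe /c hostname
2017-06-27T10:07:10Z|SRV-01|CORP\\admin|cmd.exe|C:\\Windows\\System32\\cmd.exe|cmd.exe /c dir
"""

FIELDS = ("timestamp", "host", "user", "parent_image", "image", "command_line")

# /node:"HOST" or /node:HOST selects a remote machine for WMIC.
WMIC_NODE = re.compile(r'/node:\s*"?([^"\s]+)"?', re.IGNORECASE)
# "process call create" asks WMI to start a new process on that machine.
WMIC_REMOTE_EXEC = re.compile(r"\bprocess\s+call\s+create\b", re.IGNORECASE)
# PsExec names its target as \\HOST on the command line.
PSEXEC_TARGET = re.compile(r"\\\\([^\s\\]+)")
PSEXEC_IMAGES = {"psexec.exe", "psexec64.exe"}


@dataclass
class Finding:
    timestamp: str
    host: str
    user: str
    rule: str
    target: Optional[str]
    command_line: str


def parse_event(line: str) -> Optional[Dict[str, str]]:
    """Split one event line into named fields; None if the line is malformed."""
    parts = line.split("|", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def image_name(path: str) -> str:
    """Lower-case file name of an image path, tolerating / or \\ separators."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def inspect_event(ev: Dict[str, str]) -> Optional[Finding]:
    """Apply the WMIC and PsExec rules to one parsed event."""
    name = image_name(ev["image"])
    cmd = ev["command_line"]
    common = dict(timestamp=ev["timestamp"], host=ev["host"],
                  user=ev["user"], command_line=cmd)

    if name == "wmic.exe":
        node = WMIC_NODE.search(cmd)
        # Only remote process creation is flagged; local queries such as
        # "wmic os get caption" are routine administration.
        if node and WMIC_REMOTE_EXEC.search(cmd):
            return Finding(rule="wmic_remote_process_create",
                           target=node.group(1), **common)
        return None

    if name in PSEXEC_IMAGES:
        target = PSEXEC_TARGET.search(cmd)
        return Finding(rule="psexec_remote_execution",
                       target=target.group(1) if target else None, **common)

    return None


def scan(log_text: str) -> List[Finding]:
    """Run the rules over every event line and collect the findings."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        finding = inspect_event(ev)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f.timestamp} {f.host} {f.user}: {f.rule} -> {f.target or '?'}")
        print(f"    {f.command_line}")
```

Against the constructed events this yields two findings: the SYSTEM-launched WMIC call that creates a process on WS-02, and the PsExec run against SRV-02, while the local `wmic os get caption` query and the plain `cmd.exe` are left alone. Matching on the image name alone is the weak point of the PsExec rule: a copy of the tool renamed to something else would slip past it, which is why the command-line patterns (`\\HOST`, `/node:`) are worth keeping as a second, name-independent signal in a production rule.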
With WannaCry, and now NotPetya, we expect to see a continued increase in these kinds of attacks. The release of the recent NSA exploits has given enthusiastic cyber criminals the tools they need to push out their products. And though ransomware threats can be a high-value commodity vehicle, more damaging threats could be released. It has always been 'how' to get the threats to spread (worm-like, or via social engineering) that is most difficult for them.