June 29, 2017 by Michelle Lopez
Widespread, global outbreaks of a new malware called Petya has government agencies and organizations of all sizes scrambling to regroup. This robust malware has been labeled “ransomware” by many news outlets, including PCWorld, but is far more insidious than a simple ransomware outbreak. Since Petya has already impacted over 12,000 machines in the Ukraine alone and is beginning to spread, awareness of how this malware works, how it spreads and how to stop it is essential for organizations and businesses around the world.
McAfee swiftly released a map detailing where its clients have been impacted by Petya; with some prominent locations showing in the United States. While Petya is being billed as ransomware (and previous, less widespread versions charged victims a Bitcoin ransom), the latest version is even worse than traditional ransomware. According to the Verge and other media outlets, Petya’s creators have no intention of restoring victim’s files – even if they pay the ransom. While victims are traditionally advised not to pay the ransom, many do and in previous ransomware attacks, have had files restored. Petya is set up to run as a wiper, deleting and overwriting files instead of merely encrypting them.Petya spreads like a worm, allowing it to access and infect all the machines on your network in record time. A single employee who falls for a phishing scam or otherwise lets the malware in could expose your entire organization to risk.
How Can You Protect your Business from Petya?
Petya uses vulnerabilities in the Microsoft environment to exploit your network. When the WannaCry ransomware was launched earlier this year, it spotlighted key vulnerabilities in the system and a patch was released. If you have not yet downloaded the patch, you should do so immediately. In addition to downloading the official patch, you should take immediate action by covering the following details:
- Perform regular backups of your data and keep files in a secure place offline. In the event of a ransomware or wiper attack your data will still be secure. Update backups frequently to ensure your current files are always available.
- Keep your software up to date to ensure that any identified vulnerabilities won’t impact your own network. Patches and updates are not replacements for anti-virus software; you should have a system in place and set it to update regularly as well.
- Educate employees about phishing and about passwords; your most loyal employees could derail your entire business if they can’t identify a phishing scam. This training is essential; your employees are less likely to fall for a ransomware or wiper scheme once they can spot it and your business will be far more secure. Employees should know not only how to spot a problem but what to do if they see something suspicious.
- Monitor your network for outdated programs and app permissions and make sure your regularly used software remains up to date; you should also have a clear mobile device policy in place and know who is accessing your network.
The right training for your team can make the difference between days or even weeks of downtime as you struggle to recover your data and averting a crisis entirely. As ransomware threats continue to evolve and change, it is more important than ever to protect your business and network. Our Anti-phishing training ensures your entire team can spot and avoid phishing and similar techniques and helps you stay ransomware and malware free. Contact us to learn how easy it is to protect your network and get peace of mind about your business; we’re here to make sure you stay in control of your data.Read More...