Written by Josh Harriman and presented by Chuck Leaver, Ziften CEO
Another outbreak, another headache for those who were not prepared. While this latest attack is similar to the earlier WannaCry threat, there are some differences in this most recent malware, which is a variant or new strain much like Petya. Called NotPetya by some, this strain causes a great deal of problems for anyone who encounters it. It might encrypt your data, or make the system entirely unusable. And now the email address that you would need to contact to ‘perhaps’ decrypt your files has been taken down, so you’re out of luck retrieving your files.
Plenty of information on the actions of this threat is publicly available, but I wanted to mention that Ziften customers are protected from both the EternalBlue exploit, which is one mechanism used for its propagation, and, better still, by an inoculation based on a possible flaw or its own type of debug check that prevents the threat from ever running on your system. It might still spread in the environment, but our protection would already be rolled out to all existing systems to halt the damage.
Our Ziften extension platform enables our customers to have protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Besides the specific actions taken against this particular variant, we have taken a holistic approach to stop certain strains of malware that perform various ‘checks’ against the system prior to running.
We can also use our Browse capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines and their usage. Even though they are legitimate processes, their use is usually rare and can be alerted on.
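The kind of search described above can be sketched over generic process-creation records. This is an added example, not Ziften's product code; the record layout, host names, command lines and the `expected_hosts` allowlist are all constructed assumptions.

```python
import ntpath

# Binaries the article names; PsExec64.exe is the 64-bit Sysinternals build.
WATCHED = {"wmic.exe": "WMIC", "psexec.exe": "PsExec", "psexec64.exe": "PsExec"}

# Constructed process-creation records: (host, image path, command line).
SAMPLE_EVENTS = [
    ("WS-01", r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ("WS-01", r"C:\Windows\System32\wbem\WMIC.exe",
     r'wmic /node:"WS-02" os get caption'),
    ("WS-02", r"C:\Temp\PsExec.exe", r"psexec.exe \\WS-03 ipconfig"),
    ("ADMIN-01", r"C:\Tools\PsExec64.exe", r"PsExec64.exe \\SRV-01 ipconfig /all"),
    ("WS-03", r"C:\Windows\System32\wbem\wmic.exe", "wmic os get caption"),
]


def targets_remote_host(cmdline):
    """True when the command line names another machine (/node: or \\\\host)."""
    lowered = cmdline.lower()
    return "/node:" in lowered or r" \\" in lowered


def hunt(events, expected_hosts=frozenset()):
    """Return alerts for WMIC/PsExec launches outside hosts where use is expected."""
    expected = {h.upper() for h in expected_hosts}
    alerts = []
    for host, image, cmdline in events:
        # Match on the file name only, case-insensitively, wherever it lives.
        tool = WATCHED.get(ntpath.basename(image).lower())
        if tool is None or host.upper() in expected:
            continue
        alerts.append({"host": host, "tool": tool,
                       "remote": targets_remote_host(cmdline),
                       "cmdline": cmdline})
    # Launches aimed at another machine are reviewed first (stable sort).
    alerts.sort(key=lambda a: not a["remote"])
    return alerts


if __name__ == "__main__":
    for alert in hunt(SAMPLE_EVENTS, expected_hosts={"ADMIN-01"}):
        flag = "REMOTE" if alert["remote"] else "local"
        print(f'{alert["host"]:9} {alert["tool"]:7} {flag:6} {alert["cmdline"]}')
```

Matching on file name alone misses renamed copies of these tools, so the results are a starting point for review rather than a complete picture.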
With WannaCry, and now NotPetya, we expect to see a continued increase in these types of attacks. The release of the recent NSA exploits has given ambitious hackers the tools needed to push out their wares. And though ransomware threats can be a high product vehicle, more destructive threats could be released. It has always been ‘how’ to get the threats to spread (worm-like, or social engineering) which is most challenging for them.