The Petya Ransomware Attack: A One Minute Briefing
What do we know so far?
1. It’s a new strain of the Petya ransomware virus, which has existed since 2016
2. Also referred to as GoldenEye and PetrWrap
3. What makes this strain different from previous ones is that it now includes the EternalBlue exploit as a way to propagate inside a targeted network
4. It started in Ukraine, and infections have since been reported in countries across the globe, including Germany, US, Netherlands and the UK
5. It reportedly hit 2,000 companies. High-profile victims include Maersk Group, pharmaceutical giant Merck, the Chernobyl nuclear facility and British advertising agency WPP
6. New victims are still emerging, and the full extent of the attack is still unknown
7. The virus got in through a vulnerability in the Windows operating system, attacking the Server Message Block service – which is used to share files and printers across local networks
8. Once a computer is infected, the virus locks it and encrypts the files on it. It then demands payment in Bitcoin to decrypt them
9. So far it has raised just $9,618 through release payments.
How can you protect against Petya and future strains of the virus?
Through software updates, customers using Sophos Endpoint Protection are now protected against all recent variants of this ransomware. Further updates will provide protection against possible future variants. Customers using Sophos Intercept X were proactively protected against the attack.
If you’re not using Sophos, it is imperative that you check the status of your current cyber security software. As the above demonstrates, criminals are becoming more sophisticated in their attacks. Simply having off-the-shelf antivirus protection will no longer cut it. At Arden, we recommend the Sophos Synchronised Security suite, which takes a multi-layered approach to cyber security, enabling your defences to be as coordinated as the attacks they protect against.