Petya and GoldenEye/Petya
Since June 27, 2017, a large-scale attack using ransomware known as GoldenEye/Petya (or simply Petya) has affected much of the world. Companies and public-sector organisations are particularly targeted.
In addition to encrypting files on the computer, this family of ransomware also encrypts the MBR when it has the necessary permissions, thereby blocking all access to the computer. This version of the malware is distributed as a DLL with an export. When it runs, it encrypts certain files on the compromised system's drives.
If it also has administrator permissions, it encrypts the system's boot sector as well, preventing access to the computer unless a key that decrypts the system is entered. This key is supposed to be delivered once the ransom has been paid.
We have identified the following methods of entry and propagation on compromised networks:
- An attack against the update mechanism of MeDoc, a third-party Ukrainian document management software.
- ETERNALBLUE, which exploits the vulnerability published by Microsoft on March 14.
- PSEXEC, which achieves remote execution on the system using the PSEXEC command.
Adaptive Defense faces the threat
KRYPTSYS and its partner Panda Security, following the advice of the National Agency for Information Systems Security (ANSSI), recommend Adaptive Defense, which has proved its worth. All our customers are protected from this attack.
However, we recommend the following:
- Be careful with documents attached to emails received from untrusted senders.
- Keep your operating system up to date with the latest Microsoft updates. Make sure that the Microsoft MS17-010 patch is installed on all computers on your network (https://technet.microsoft.com/en-us/library/security/ms17-010.aspx).
- Install a Panda Security product and keep it up to date.
- Back up your files, preferably on media that is not connected to the network.
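To check the MS17-010 recommendation above across a set of Windows hosts, here is an added example (not KRYPTSYS or Panda Security code) that queries installed hotfixes with Get-HotFix. The KB numbers are the March 2017 MS17-010 packages; the host names are placeholders.

```powershell
# Added example: report whether an MS17-010 package is present on each host.
# Caveat: later cumulative updates supersede these KBs, so a host that reports
# "not found" on a recent build may still be patched; check its latest
# cumulative update in that case rather than assuming it is vulnerable.
$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',               # Windows 7 / Server 2008 R2 (security-only / monthly rollup)
    'KB4012213', 'KB4012216',               # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',               # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429',  # Windows 10 1507 / 1511 / 1607
    'KB4012598'                             # Vista / Server 2008 (and the out-of-band XP / 2003 package)
)

function Test-Ms17010 {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))
    foreach ($c in $ComputerName) {
        try {
            $hotfixes = Get-HotFix -ComputerName $c -ErrorAction Stop
            $found = $hotfixes | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
            [pscustomobject]@{
                Computer       = $c
                Ms17010Present = [bool]$found
                MatchingKB     = ($found.HotFixID -join ',')
                Note           = if ($found) { '' } else { 'Not found: verify a superseding cumulative update is installed' }
            }
        } catch {
            # Unreachable host or insufficient rights: report it rather than silently skipping it
            [pscustomobject]@{
                Computer       = $c
                Ms17010Present = $null
                MatchingKB     = ''
                Note           = "Query failed: $($_.Exception.Message)"
            }
        }
    }
}

# Placeholder host names; replace with the computers on your network
Test-Ms17010 -ComputerName 'HOST-PLACEHOLDER-1', 'HOST-PLACEHOLDER-2' | Format-Table -AutoSize
```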
Protect your assets, contact us!
If your system is already infected
- Do not pay any ransom.
- Disconnect your computer immediately from the network.
- Contact us, we can help.