Written By Josh Harriman And Presented By Charles Leaver Ziften CEO
Another outbreak, another nightmare for those who were not prepared. While this newest attack is similar to the earlier WannaCry threat, there are differences in this latest malware, which is a variant or new strain much like Petya. Called NotPetya by some, this strain causes a great deal of problems for anyone who encounters it. It may encrypt your data, or render the system completely inoperable. And now the e-mail address you would need to contact to ‘possibly’ decrypt your files has been taken down, so you are out of luck getting your files back.
A lot of information on the behavior of this threat is openly available, but I wanted to point out that Ziften customers are protected from both the EternalBlue exploit, which is one mechanism it uses to propagate, and, better still, by an inoculation based on what appears to be a flaw, or the malware's own form of debug check, that prevents the threat from ever executing on the system. It could still spread within the environment, but our protection would already be deployed to all existing systems to stop the damage.
Our Ziften extension platform allows our customers to put protection in place against specific vulnerabilities and malicious behaviors for this threat and others like Petya. Beyond the specific actions taken against this particular variant, we have taken a holistic approach to stopping strains of malware that perform various ‘checks’ against the system before executing.
We can also use our Search capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines, and their usage. Even though they are legitimate processes, their use is typically uncommon and can be alerted on.
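As an added illustration of the kind of search described above (this is example code written for this post, not Ziften's Search feature or its data schema), here is a small Python hunt over constructed process-creation records. It flags WMIC remote process creation and PsExec remote execution by inspecting the image path and command line, then groups the remote targets by account, since a single account reaching several hosts in a short window is the worm-like pattern worth alerting on. The field names, hostnames, accounts and command lines are all constructed for the example.

```python
"""Hunt for WMIC / PsExec remote-execution usage in process-creation telemetry.

Example code for this post; the record layout below is a hypothetical
EDR/Sysmon-style shape, not any vendor's real schema.
"""
import re
from collections import defaultdict

# Constructed sample telemetry: one dict per process-creation event.
SAMPLE_EVENTS = [
    {"host": "ws01", "user": r"CORP\alice",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get caption"},                      # benign local query
    {"host": "ws02", "user": r"CORP\svc-deploy",
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r'wmic /node:"ws07" /user:"CORP\svc-deploy" process call create "C:\Windows\Temp\upd.exe"'},
    {"host": "ws02", "user": r"CORP\svc-deploy",
     "image": r"C:\Users\svc-deploy\AppData\Local\Temp\psexec.exe",
     "cmdline": r"psexec.exe \\ws08 -accepteula -d C:\Windows\Temp\upd.exe"},
    {"host": "ws03", "user": r"CORP\bob",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\bob\notes.txt"},      # unrelated noise
    {"host": "srv01", "user": r"CORP\admin-it",
     "image": r"C:\Tools\PsExec.exe",
     "cmdline": r"PsExec.exe \\srv02 cmd.exe"},
]

# WMIC launching a process on another node: "/node:<host> ... process call create"
WMIC_REMOTE = re.compile(r"/node:\S+.*\bprocess\s+call\s+create\b", re.IGNORECASE)
# PsExec client or its service binary, wherever it was dropped on disk
PSEXEC_IMAGE = re.compile(r"(^|\\)psexe(c|svc)(64)?\.exe$", re.IGNORECASE)
# A UNC-style \\host argument on the command line
PSEXEC_TARGET = re.compile(r"\\\\[\w.-]+")
# Pulls the remote hostname out of either tool's command line
TARGET_RE = re.compile(r'(?:/node:"?|\\\\)([\w.-]+)', re.IGNORECASE)


def classify(event):
    """Return a short tag if the event looks like remote execution, else None."""
    image = event["image"]
    cmd = event["cmdline"]
    if image.lower().endswith("\\wmic.exe") and WMIC_REMOTE.search(cmd):
        return "wmic-remote-process-create"
    if PSEXEC_IMAGE.search(image) and PSEXEC_TARGET.search(cmd):
        return "psexec-remote-exec"
    return None


def hunt(events):
    """Return a list of (host, user, tag, cmdline) for every event that matches."""
    hits = []
    for ev in events:
        tag = classify(ev)
        if tag:
            hits.append((ev["host"], ev["user"], tag, ev["cmdline"]))
    return hits


def fan_out(hits):
    """Map each account to the sorted list of distinct remote hosts it reached.

    One account fanning out to many hosts is the lateral-movement signal;
    a single legitimate admin push usually touches one target at a time.
    """
    targets = defaultdict(set)
    for _host, user, _tag, cmd in hits:
        m = TARGET_RE.search(cmd)
        if m:
            targets[user].add(m.group(1))
    return {user: sorted(hosts) for user, hosts in targets.items()}


if __name__ == "__main__":
    found = hunt(SAMPLE_EVENTS)
    for host, user, tag, cmd in found:
        print(f"[{tag}] {host} {user}: {cmd}")
    for user, hosts in fan_out(found).items():
        print(f"{user} reached {len(hosts)} remote host(s): {', '.join(hosts)}")
```

In a real environment the same two regexes would be applied to the endpoint's process-creation stream rather than an inline list, and the fan-out count would be computed per account over a sliding time window, with a threshold tuned to how your deployment tooling normally behaves.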
With WannaCry, and now NotPetya, we expect to see a continued rise in these types of attacks. The release of the recent NSA exploits has given ambitious cyber criminals the tools they need to push out their wares. And though ransomware can be a high-value commodity vehicle, more destructive threats could be launched. It has always been ‘how’ to get the threats to spread (worm-like, or via social engineering) that is most challenging for them.