MS Patch is Not Enough – See Cynet Stop Petya

If you thought you were safe because you patched Eternal Blue with Microsoft’s MS17-010 patch, you should think again. Yes, June 27th’s Petya attacks rode in on the coat tails of those who had not patched, but it also utilized other modes of entry.

And so, as you consider methods of securing the organization, we want to remind you – the Cynet 360 platform stops Petya. You can watch the video showing how Cynet does it here.

Protection aside, if Petya (or NotPetya, depending on whom you ask) got you, you are basically up a creek without a paddle – unless you backed up your valuable information. Email provider Posteo has killed the account the ransomware vandals were giving victims to contact for keys. So if WannaCry was not a lesson n backing up, maybe this will be.

Ukraine played a starring role in the attack’s early news alerts, but Petya soon spread like wildfire – hitting a reported 2,000 organizations in Spain, the UK, the Netherlands, France and other countries – and as of the posting of this blog, it continues to spread, though it is not necessarily raking in the big bucks at only an estimated $8000.

Now a little background – following on the heels of its cousin – WannaCry – Petya – which has been around since 2016 – resurfaced today with a bang. Like WannaCry, Petya takes advantage of the same NSA hacked EternalBlue exploit. But unlike WannaCry, which encrypted individual files, Petya focuses on an organization’s administrator tools – and it has no kill-switch – making it even nastier. The hacked computers are rebooted and the hard disk’s MFT is encrypted, effectively infecting the MBR, putting it out of commission and blocking system access. (And if this does not work, it can also just encrypt files like your usual ransomware.) Malicious code is injected into the MBR and the unlucky victim’s find themselves staring at a black screen with red text, taunting the victim with its demand for 300 Bitcoins.

Cynet stops Petya. We do this by protecting the Master Boot Record, and by detecting malicious SMB connections originating from suspicious files. Over the course of today’s attacks, while the much of the world was scrambling into system lockdown, our customers were able to rest easy, knowing the Cynet 360 platform had their assets covered. The Cynet 360 advanced threat detection and response platform is the only effective, holistic option available for the organization looking to ensure the highest level of security, while truly simplifying their detection and response.

Recent Posts