Proactive Countermeasures to Protect from Petya Ransomware
You may have seen the news that a massive ransomware attack, spread via email, infected systems in Russia and Ukraine early Tuesday morning and quickly spread to the west, becoming a global issue in only a matter of hours. This attack, caused by Petya Ransomware, is anticipated to spread to the United States, with a massive impact not unlike that of the recent WannaCry Ransomware attack. Ransomware is malicious software that encrypts a victim’s data and demands a ransom to unlock it. While the specifics of the attack are not yet known, there have been major IT disruptions for various organizations across several industries. We’d like to explain how this Petya Ransomware attack spread and what countermeasures are available to protect your organization from this threat and others like it.
How did this happen?
This particular ransomware variant spreads via email attachments such as Word documents and PDF files. Unlike other ransomware attacks, it does not encrypt your files; instead, the virus targets the hard drive, leaving your systems inaccessible. Petya attacks as soon as a computer boots up, so users do not have any time to react to the virus. Like WannaCry, this ransomware takes advantage of a vulnerability, or flaw, in Microsoft desktop and server operating systems. While Microsoft released a patch to fix this flaw on March 14, 2017, some systems remained unpatched for various reasons. This attack is able to infect systems that did not have the March 14th patch applied.
If your business was affected by the Petya ransomware attack, contact us for support.
Patching: iCorps takes patching seriously and prioritizes patches when they are released. Patching is the single biggest defense against these types of threats. Automated patching provides the highest level of security in these types of events. iCorps helps clients implement technology such as Microsoft’s Enterprise Mobility + Security that enables organizations to streamline and automate patching.
Managed Security: For those of our clients utilizing our Managed Security service, our partner SonicWALL released a signature in April to protect against this threat. iCorps provides endpoint protection through this managed service.
Up-to-date operating system: Updated Windows 10 systems were not impacted by this attack. Additionally, any clients on Windows 10 Enterprise have the added benefit of Advanced Threat Protection (ATP), which is immune to this type of threat and has built-in zero-day countermeasures (important to protect against some of the most dangerous threats).
Recovery: For those of our clients utilizing our iCorps Guardian (data backup and disaster recovery service), you can rest assured that your server data and systems are backed up. Having this safeguard in place would allow you to bypass the ransomware altogether and allow iCorps to get your IT systems back up and running within hours. For critical desktops, the same level of protection can be provided.
iCorps considers cybersecurity to be of utmost importance for its clients and takes these types of events seriously. If you have any questions about the countermeasures explained above or the ransomware attack, contact us. We are happy to answer any questions or work with you further to improve your company’s security posture.