More on Petya/NotPetya/PetrWrap Ransomware

The Webroot Threat Research Team has classified all known variants of the Petya/NotPetya/PetrWrap ransomware. A Ukrainian software developer named “MeDoc” was allegedly the cause of this outbreak according to Ukrainian Cyber Police and other security researchers. MeDoc’s accounting software sent a file containing the Petya installer through their update system on June 27th. If this software is not used in your environment, you are not at risk of this delivery method.

Once downloaded, Petya spreads from computer to computer using the SMB exploit code it contains. This code targets CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147 and CVE-2017-0148. The Microsoft patch named “MS17-010” addresses these vulnerabilities. To confirm that “MS17-010” has been installed, Webroot has created a utility to check systems. Please download it using the link below:

https://download.webroot.com/SMBCheck.exe

If the utility finds the system has not yet been patched, it will open a link for the proper patch.

For a list of all available patches, please visit the link below:

https://support.microsoft.com/en-us/help/4023262/how-to-verify-that-ms17-010-is-installed

This ransomware variant can dump Windows account credentials for use with a Sysinternals utility named “PSEXEC”. If administrator credentials are supplied, this utility allows the ransomware to download and execute on all systems in the network remotely. If this software is not used in your environment, we recommend blocking it via Group Policy. To block it, you may use AppLocker and create an executable rule that blocks all executables named “psexec.exe”.
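One way to build and check such a rule from PowerShell, as an added example that is not Webroot's own code: it writes an AppLocker policy that denies “psexec.exe” by file name, pairs it with an allow-all rule so nothing else is blocked, and evaluates it against two constructed test files before anything is applied. The file paths, rule names and the $Apply switch are assumptions made for this example.

```powershell
# Added example. Paths, rule names and $Apply are placeholders for illustration.
$policyPath = Join-Path $env:TEMP 'deny-psexec.xml'
$Apply      = $false   # set to $true to merge into the local AppLocker policy

# Once an Exe rule exists, AppLocker denies anything that no rule allows,
# so the deny rule is paired with an allow-all rule. Deny wins over Allow.
# A file-name rule only matches that name; a renamed copy is not covered.
$policy = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny psexec.exe" Description="Block executables named psexec.exe" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="*\psexec.exe" />
      </Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow everything else" Description="Keeps other executables running" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions>
        <FilePathCondition Path="*" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@
Set-Content -Path $policyPath -Value $policy -Encoding UTF8

# Constructed test files: copies of a benign system binary under two names.
$work = Join-Path $env:TEMP 'applocker-test'
New-Item -ItemType Directory -Path $work -Force | Out-Null
$blocked = Join-Path $work 'psexec.exe'
$allowed = Join-Path $work 'notepad-copy.exe'
Copy-Item "$env:WINDIR\System32\notepad.exe" $blocked -Force
Copy-Item "$env:WINDIR\System32\notepad.exe" $allowed -Force

# Evaluate the policy file against both paths without applying it.
Test-AppLockerPolicy -XmlPolicy $policyPath -Path $blocked, $allowed -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

if ($Apply) {
    # Rules are only evaluated while the Application Identity service (AppIDSvc) runs.
    # In AuditOnly mode, matches are logged (event 8003) instead of blocked;
    # change EnforcementMode to "Enabled" after reviewing the audit events.
    Set-AppLockerPolicy -XmlPolicy $policyPath -Merge
}
```

The same XML file can be imported into the AppLocker node of a Group Policy Object for domain-wide deployment.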

We also highly recommend following the best practices in our Ransomware Prevention Guide:
http://answers.webroot.com/Webroot/Loginr.aspx?pid=4&login=1&app=vw&solutionid=2637

We really hope that you find this information helpful.

Team Webroot – South Africa

Categories: Ransomware
