Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO
Another outbreak, another problem for those who were not prepared. While this latest attack resembles the earlier WannaCry threat, there are differences in this malware, which is a variant of, or a brand-new strain modeled on, Petya. Called NotPetya by some, this strain causes serious problems for anyone who encounters it: it may encrypt your data, or render the system entirely unusable. And the e-mail address that victims were told to contact to 'possibly' decrypt their files has already been taken down, so you are out of luck retrieving your files that way.
Plenty of information on how this threat behaves is publicly available, but I want to point out that Ziften customers are protected in two ways: against the EternalBlue exploit, which is one mechanism the malware uses to propagate, and, better still, through an inoculation based on a likely flaw, or a debug check of the malware's own, that prevents the threat from ever executing on the system. It may still spread across the environment, but our protection would already be deployed to all covered systems to halt the damage.
Our Ziften extension platform lets our customers put protections in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Beyond the specific actions taken against this particular variant, we have taken a more general approach to stopping strains of malware that run various 'checks' against the system before executing.
We can also use our Search capability to hunt for remnants of the other propagation techniques this threat uses. Reports show WMIC and PsExec being used for lateral movement. We can search for those programs, their command lines, and how they were used. Even though they are legitimate administrative tools, their use is uncommon on most endpoints and can be alerted on.
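To make that hunt concrete, here is an added example in Python (not Ziften's code, and not part of the original post) that runs a few WMIC and PsExec lateral-movement rules over a handful of constructed, Sysmon-style process-creation records. Every host name, user name, IP address, file name and command line in the sample is made up for illustration. The "renamed PsExec" fingerprint (a \\target plus two or more PsExec switches on the command line) is a heuristic of my own, not a vendor signature; the PSEXESVC service binary that PsExec installs on its target is real.

```python
"""Hunt for WMIC and PsExec lateral-movement remnants in process-creation events.

Added example (not Ziften's code). SAMPLE_EVENTS are constructed, Sysmon-style
records; a real hunt would read exported Sysmon Event ID 1 or Security 4688
events that carry the same fields.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ProcEvent:
    host: str
    user: str
    image: str          # full path of the process that was created
    command_line: str
    parent_image: str


# wmic.exe pointed at a remote node and spawning a process there
WMIC_REMOTE_NODE = re.compile(r"(?:^|\s)/node:", re.IGNORECASE)
WMIC_PROCESS_CREATE = re.compile(r"\bprocess\s+call\s+create\b", re.IGNORECASE)

# PsExec client binaries, and the service binary PsExec drops on its target
PSEXEC_CLIENT_IMAGES = {"psexec.exe", "psexec64.exe"}
PSEXEC_SERVICE_IMAGE = "psexesvc.exe"

# Heuristic (assumption): a renamed PsExec still needs a \\target and its own
# switches (-accepteula, -s, -d, -c) on the command line.
UNC_TARGET = re.compile(r"(?:^|\s)\\\\[\w.:-]+")
PSEXEC_SWITCHES = re.compile(r"(?:^|\s)-(?:accepteula|s|d|c)\b", re.IGNORECASE)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: ProcEvent) -> List[str]:
    """Return the names of every hunt rule this event matches (possibly none)."""
    hits: List[str] = []
    image = basename(event.image)
    cmd = event.command_line

    # Rule 1: remote process creation via WMI. A local inventory query
    # ("wmic os get caption") has no /node: and is left alone.
    if image == "wmic.exe" and WMIC_REMOTE_NODE.search(cmd) and WMIC_PROCESS_CREATE.search(cmd):
        hits.append("wmic-remote-process-create")

    # Rule 2: PsExec client on this host (the attacker side of the hop) ...
    if image in PSEXEC_CLIENT_IMAGES:
        hits.append("psexec-client")
    # ... or a renamed copy, recognised from its switches plus a \\target.
    elif UNC_TARGET.search(cmd) and len(PSEXEC_SWITCHES.findall(cmd)) >= 2:
        hits.append("psexec-client-renamed")

    # Rule 3: PSEXESVC running means this host was the PsExec target.
    if image == PSEXEC_SERVICE_IMAGE:
        hits.append("psexec-service-on-target")

    return hits


def hunt(events: List[ProcEvent]) -> List[Dict[str, str]]:
    """Run every rule over the events; one alert per (event, rule) match."""
    alerts: List[Dict[str, str]] = []
    for ev in events:
        for rule in classify(ev):
            alerts.append({"rule": rule, "host": ev.host, "user": ev.user,
                           "image": ev.image, "command_line": ev.command_line})
    return alerts


# Constructed sample telemetry (all names, addresses and paths are made up).
SAMPLE_EVENTS = [
    # benign local inventory query: wmic, but no /node: and no process create
    ProcEvent("WS01", r"CORP\alice", r"C:\Windows\System32\wbem\WMIC.exe",
              "wmic os get caption", r"C:\Windows\System32\cmd.exe"),
    # remote execution over WMI with harvested credentials
    ProcEvent("WS02", r"CORP\svc_backup", r"C:\Windows\System32\wbem\WMIC.exe",
              r'wmic /node:"10.0.0.25" /user:"CORP\svc_backup" /password:"Winter2017" '
              r'process call create "C:\Windows\System32\rundll32.exe C:\Windows\stage.dat,#1"',
              r"C:\Windows\System32\rundll32.exe"),
    # PsExec copied under a misleading name, launching a payload as SYSTEM on a peer
    ProcEvent("WS02", r"CORP\svc_backup", r"C:\Windows\Temp\updater.exe",
              r"C:\Windows\Temp\updater.exe \\10.0.0.26 -accepteula -s -d "
              r"C:\Windows\System32\rundll32.exe C:\Windows\stage.dat,#1",
              r"C:\Windows\System32\rundll32.exe"),
    # the PsExec service appearing on the target host
    ProcEvent("WS03", r"NT AUTHORITY\SYSTEM", r"C:\Windows\PSEXESVC.exe",
              r"C:\Windows\PSEXESVC.exe", r"C:\Windows\System32\services.exe"),
    # an administrator using PsExec interactively (still worth a look)
    ProcEvent("ADMIN01", r"CORP\bob", r"C:\Tools\PsExec.exe",
              r"PsExec.exe \\FILESRV01 -accepteula cmd.exe", r"C:\Windows\System32\cmd.exe"),
    # unrelated noise
    ProcEvent("WS01", r"CORP\alice", r"C:\Windows\System32\notepad.exe",
              "notepad.exe notes.txt", r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    for a in hunt(SAMPLE_EVENTS):
        print(f"[{a['rule']}] {a['host']} {a['user']}: {a['command_line']}")
```

Run against the sample, the local `wmic os get caption` and notepad records produce nothing, while the remote WMIC call, the renamed PsExec copy, the PSEXESVC service on the target, and the administrator's PsExec session each produce one alert. Because WMIC and PsExec are legitimate tools, these are hunt leads to triage (who ran it, from where, against which target) rather than verdicts.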
With WannaCry, and now NotPetya, we expect to see a continued increase in these types of attacks. The public release of the recent NSA exploits has given ambitious attackers the tools they need to push out their malware. And though ransomware can be a lucrative commodity vehicle, more destructive payloads could be delivered the same way. The hardest part for attackers has always been 'how' to get the threat to spread, whether worm-like or through social engineering.