Home ResourcesBlog FOXGUARD MONITORS PETRWRAP RANSOMWARE ATTACK

FOXGUARD MONITORS PETRWRAP RANSOMWARE ATTACK

Share:Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn

REMEMBER WannaCrypt?

This morning (June 27th) Ukraine’s critical services were hit with a set of cyber attacks, which affected Ukraine’s power companies, airports, banks, and even a radiation monitoring system for Chernobyl. The attack in question is another piece of ransomware call PetrWrap, an adaptation of Petya. Petya is similar to WannaCrypt, which hit the industry just a short time ago, in that it encrypts the victim’s data using a public private key pair, and demands money (around $300 US) to recover the files. PetrWrap/Petya also throws in its own twist by also overwriting the master boot record of the victim hard drive, making it unable to boot. Ukraine was the first hit, but the attack has spread and now affects many countries in Europe, as well as the US. PetrWrap/Petya seems to be using the same exploit (EternalBlue) that was used by WannaCrypt. It is believed that a Microsoft Office exploit is used and malicious office files are delivered via phishing emails, which then use the EternalBlue exploit to spread across a company’s network. 
FoxGuard recommends applying the EternalBlue patches supplied by Microsoft, as well as the patches for the Office exploit to make sure you are protected against this infection and infections using the same exploits.

To view the Microsoft Patches available to prevent the exploits, refer to the links below:
https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199

For more information on the attack carried out, refer to the links below:
https://www.us-cert.gov/ncas/current-activity/2017/06/27/Multiple-Petya-Ransomware-Infections-Reported
https://www.theverge.com/2017/6/27/15879480/petrwrap-virus-ukraine-ransomware-attack-europe-wannacry
https://www.tomsguide.com/us/petya-ransomware-attack,news-25389.html

For more information on the ransomware used in the attack, refer to the links below: 
https://securelist.com/petrwrap-the-new-petya-based-ransomware-used-in-targeted-attacks/77762/
https://securelist.com/petya-the-two-in-one-trojan/74609/

Below is a screenshot of what would be seen after the ransomware has been deployed and the files encrypted.

 

WANT TO LEARN MORE ABOUT PATCH MANAGEMENT?
FoxGuard provides a wide range of patch management solutions that help entities identify and mitigate gaps in the security of their systems and prepare for NERC CIP audits. We host a webinar series to discuss ways to develop and implement a robust patch management program. Reserve your spot in our next session.

RESERVE YOUR SPOT

If you want to discuss something specific, we will do that too! Just reach out, tell us what your challenges are, and we will have one of our security experts contact you.

TALK TO AN EXPERT