Petya. Another WannaCry WannaBe

Petya has arrived. Petya is a new infection exploiting the same issue as WannaCry. It has attacked computers around the world, including servers at Russia’s biggest oil company, and has disrupted operations at Ukrainian banks. There have been reports that companies in Australia have also been affected.

Microsoft has already patched the issue that WannaCry exploits with MS17-010. Petya appears to be infecting systems through a phishing attack, but this is still being confirmed. It may have some new tricks, though: it may be installing LSADump, which can export a password hash for every user that has ever logged onto an infected system. The hashes can then be used to crack the passwords.

What to do?
• Make sure patches for every system on your network are up to date.
• Ensure all the standard security controls, such as firewalling, anti-virus, and Cloud Access Security Broker tools, are in place and working well.
• Make sure user training is also up to date with a staff reminder about ransomware and perhaps even by running a simulated phishing attack using tools such as