OUR THOUGHTS ON:

Petya or NotPetya, that isn't the question.

Cybersecurity|Risk Advisory/Internal Audit|Technology

By Dan Desko

A slightly new strain of malware, dubbed “Petya”, has been making its rounds on the internet recently, and it has even hit close to home here in Pittsburgh. Some researchers named it Petya because they believe it resembles a previous ransomware strain. Other firms, such as Kaspersky Lab, beg to differ and have cleverly named the malware “NotPetya”.

Regardless of the name, this malware exploits the same Windows vulnerability that the prolific WannaCry strain used. One major difference is that this new strain appears to be destructive in nature, rather than extortionist like WannaCry. It appears more destructive (intentionally or not) because the payment mechanism for retrieving the decryption key was not carefully organized, which leads security researchers to believe that the purveyor of this malware was either inexperienced or had destruction in mind rather than payment. In fact, as of this writing, the single email address displayed by the ransomware, which victims were to use to contact the attackers and arrange the ransom payment for the decryption key, has been shut down by the provider. This means there is no longer any way for victims to contact the attacker for a decryption key to unlock their computers.

The flaw this ransomware exploits is in Version 1 of Microsoft’s file sharing protocol, SMB (Server Message Block). The fix is outlined here. If you have systems still using SMBv1, you may also have deeper issues within your network, as this is a vastly outdated protocol. The patch was released in March, well before either attack occurred, which highlights the need for effective patch management processes.
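As an added example (not code from the original post or from Schneider Downs), the script below audits a Windows host for the two conditions the paragraph above describes, whether SMBv1 is still enabled and whether the security update is installed, and optionally turns SMBv1 off. It uses only built-in cmdlets (Get-SmbServerConfiguration, Get-WindowsOptionalFeature, Get-HotFix) and assumes an elevated PowerShell session on Windows 8 / Server 2012 or later. The KB identifier is a labelled placeholder, since the post does not name the update; substitute the one from the Microsoft advisory for your operating system.

```powershell
# Added example: audit (and optionally remediate) SMBv1 exposure on a Windows host.
# Not part of the original article. Run from an elevated PowerShell prompt.
param(
    [switch]$Remediate,
    # PLACEHOLDER: replace with the KB number of the SMBv1 security update for this OS.
    [string]$PatchKb = 'KB<placeholder>'
)

# 1. Is the SMBv1 server-side protocol switched on?
$smbConfig         = Get-SmbServerConfiguration
$smb1ServerEnabled = [bool]$smbConfig.EnableSMB1Protocol

# 2. Are the SMB1 client/server binaries installed as an optional feature?
#    (On Windows Server the same component is exposed as the FS-SMB1 feature.)
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
$smb1FeatureState = if ($feature) { $feature.State } else { 'NotPresent' }

# 3. Is the referenced security update installed?
$patchInstalled = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)

# Summarise the host's state so it can be collected centrally.
[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    SMB1ServerEnabled = $smb1ServerEnabled
    SMB1FeatureState  = $smb1FeatureState
    PatchInstalled    = $patchInstalled
    AtRisk            = ($smb1ServerEnabled -and -not $patchInstalled)
} | Format-List

if ($Remediate) {
    if ($smb1ServerEnabled) {
        # Stops the server from speaking SMBv1 immediately; no reboot needed.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Host 'SMBv1 server protocol disabled.'
    }
    if ($smb1FeatureState -eq 'Enabled') {
        # Removes the SMB1 binaries entirely; takes effect after a reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
        Write-Host 'SMB1Protocol feature removed; reboot required to complete.'
    }
}
```

Run it without `-Remediate` first across a representative set of machines and review the `AtRisk` column: a host that still serves SMBv1 and lacks the update is the one this ransomware targets. Before disabling SMBv1 fleet-wide, inventory anything that can only speak that dialect (old multifunction printers, NAS appliances, embedded devices); those are the "deeper issues" the article mentions, and they should be upgraded or isolated rather than used as a reason to keep SMBv1 on.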

This is what an infected machine looks like:

For more information on ransomware and tips to prevent and recover, see a previous article that we published here. To speak to someone about the Petya virus, contact us.


© 2018 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
