Petya – Not New but Improved Ransomware



Dena Bauckman

Today’s news is full of stories on Petya, the latest ransomware attack hitting companies around the world. But this ransomware is not unique. In fact, Petya was first seen over a year ago. Like so many ransomware and malware attacks, Petya is back in a revised and improved form. The original version of Petya delivered its malicious payload via email, and as suggested in a recent article in Bleeping Computer and other sources, this latest version was lying dormant in tainted accounting software with a time bomb set to release the malicious code. Petya is spring-boarding off the success of WannaCry and spreading through a known vulnerability in unpatched Windows systems (reference MS17-010). This latest version of Petya is a perfect example of how attackers constantly refine their attacks and seek weak links that allow bad actors to spread their malicious code.

To protect your company against Petya, WannaCry and other variant ransomware attacks, you need to enforce the following three basic security best practices within your business infrastructure:
  • Keep Your Systems and Software Up-to-Date: Keeping up-to-date with the latest security patches can be a daunting task; however, the alternative is much worse. Attackers are constantly looking for vulnerabilities that can be exploited, and if you are running software with a known vulnerability, you are at risk. If keeping up with the constant inflow of security patches is overwhelming for your organization, consider moving applications to the cloud. Most application vendors today provide a cloud option for their products, and in doing so you can leverage vendor and cloud provider resources to ensure your applications are always up-to-date with the latest security updates.
  • Train Your Employees: Employees are still the weakest link in most organizations, which is why email is such a common attack vector. Make sure your employees are aware of the threats of clicking on links and attachments from unknown senders, the risk of visiting unsafe or unreliable websites, and the value of keeping files backed up regularly. Update them on the major threats and make sure they know how to identify and report suspicious emails and activities.
  • Implement Advanced Threat Protection: With attackers making a career out of identifying new ways to inject ransomware into your systems, it is imperative that you have the right tools in place to detect and block attacks. Start by identifying the most common threat vectors and focus on protecting those first. According to a 2016 study by Osterman Research, 59% of ransomware enters organizations through links and attachments in emails*. Make sure your organization is protected with an email threat protection solution that provides multi-layered filtering that can identify the latest ransomware variations and stop them before reaching your users.

News on Petya is just the latest reminder that attackers are always looking for your weakest link. Protect your company from Petya and other ransomware by keeping your systems and software up-to-date, training your employees, and implementing advanced threat protection.

*Understanding the Depth of the Ransomware Problem in the United States: An Osterman Research Survey Report; Osterman Research, Inc.; July 2016