Written by Josh Harriman and presented by Chuck Leaver, Ziften CEO
Another outbreak, another problem for those who were not prepared. While this newest attack resembles the earlier WannaCry threat, there are some distinctions in this latest malware, which is a variant or new strain similar to Petya. Called NotPetya by some, this strain brings a lot of trouble for anybody who encounters it. It may encrypt your data or render the system entirely unusable. And the email address you would have needed to contact to 'possibly' decrypt your files has now been taken down, so you are out of luck recovering them.
Many details of this threat's behavior are publicly available, but I wanted to touch on the fact that Ziften customers are protected from the EternalBlue exploit, which is one mechanism used for its propagation, and, better still, by an inoculation based on a possible flaw, or its own kind of debug check, that prevents the threat from ever executing on your system. It could still spread within the environment, but our protection would already be pushed out to all existing systems to stop the damage.
Our Ziften extension platform allows our customers to put protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Beyond the specific actions taken against this particular variant, we have taken a holistic approach to stopping strains of malware that perform various 'checks' against the system before executing.
We can also use our search capability to look for remnants of the other propagation methods used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines and their usage. Although they are legitimate processes, their use is normally rare and can be alerted on.
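As an added illustration of the hunt described above, and not Ziften's own code, the following Python flags WMIC and PsExec process starts in process-creation telemetry and scores each one by the arguments that indicate remote execution. The events, host names, users and command lines are all constructed for the example; the field names loosely mirror a Sysmon process-creation record, but the code depends only on the dictionary keys shown.

```python
"""Hunt for WMIC / PsExec usage in process-creation events.

The events below are constructed, hypothetical records (not real
telemetry). Any endpoint telemetry that yields image path, user and
command line per process start can be mapped onto the same keys.
"""
import re
from dataclasses import dataclass, field

# Constructed sample events (hypothetical hosts, users and command lines).
SAMPLE_EVENTS = [
    {"host": "ws-01", "user": "CORP\\alice",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe /c dir"},
    {"host": "ws-01", "user": "NT AUTHORITY\\SYSTEM",
     "image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "cmdline": "wmic /node:\"10.0.0.25\" /user:\"CORP\\svc\" "
                "process call create \"C:\\Temp\\placeholder.exe\""},
    {"host": "ws-02", "user": "CORP\\bob",
     "image": "C:\\Tools\\PsExec.exe",
     "cmdline": "PsExec.exe \\\\10.0.0.31 -accepteula -s cmd.exe /c whoami"},
    {"host": "ws-03", "user": "CORP\\carol",
     "image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "cmdline": "wmic os get caption"},
    {"host": "ws-04", "user": "CORP\\dave",
     "image": "C:\\Windows\\PSEXESVC.exe",
     "cmdline": "C:\\Windows\\PSEXESVC.exe"},
]

# Legitimate admin tools that are rarely run in normal operation and were
# reported in use during the NotPetya outbreak. PSEXESVC.exe is the service
# PsExec installs on the *target* host, so its start marks an inbound session.
WATCHED_TOOLS = {"wmic.exe", "psexec.exe", "psexec64.exe", "psexesvc.exe"}


@dataclass
class Finding:
    host: str
    user: str
    tool: str
    severity: str            # "high" when remote-execution arguments are present
    reasons: list = field(default_factory=list)


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(event: dict):
    """Return a Finding for a watched tool, or None for any other process."""
    tool = basename(event["image"])
    if tool not in WATCHED_TOOLS:
        return None
    cmd = event["cmdline"]
    reasons = []
    if tool == "wmic.exe":
        if re.search(r"/node:", cmd, re.I):
            reasons.append("remote target via /node:")
        if re.search(r"process\s+call\s+create", cmd, re.I):
            reasons.append("remote process creation")
    elif tool.startswith("psexec"):
        if re.search(r"\\\\[\w.-]+", cmd):          # \\host or \\ip argument
            reasons.append("remote target host")
        if re.search(r"(^|\s)-s(\s|$)", cmd, re.I):  # run as SYSTEM
            reasons.append("runs as SYSTEM (-s)")
    elif tool == "psexesvc.exe":
        reasons.append("PsExec service started (inbound PsExec session)")
    severity = "high" if reasons else "low"
    return Finding(event["host"], event["user"], tool, severity, reasons)


def hunt(events):
    """Run classify() over a stream of events, dropping non-findings."""
    return [f for f in map(classify, events) if f is not None]


def count_by_severity(findings):
    counts = {"high": 0, "low": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.severity:4}] {f.host} {f.user} {f.tool} :: {'; '.join(f.reasons) or 'local use'}")
    print(count_by_severity(hunt(SAMPLE_EVENTS)))
```

Every WMIC or PsExec start is surfaced, because the page's point is that these tools are rare enough to alert on at all; the severity split only helps an analyst look first at the starts whose arguments point at another host. Tuning for a real estate means baselining which administrators legitimately run these tools and from which management hosts.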
With WannaCry, and now NotPetya, we expect to see a continued increase in these types of attacks. The release of the recent NSA exploits has given ambitious attackers the tools needed to push out their malware. And though ransomware can be a high-commodity vehicle, more destructive threats could be released. The hardest part for them has always been 'how' to get the threats to spread (worm-like, or through social engineering).