
How Petya propagates, and what to do
While information regarding Petya is still being researched, the screenshot below shows Petya in the process of encrypting the MBR.
Recommendations for mitigating the risks of ransomware like Petya
- Do not allow users to log in with administrator access. Most users only require a handful of applications that require elevated rights to perform their job duties. PowerBroker for Windows can easily create policy that allows these apps to run as expected without giving the user those rights. Petya is seen to require administrative access to install. Without these rights, it cannot infect the system.
- Maintain a regular backup of important or critical data. As advised, if you do become infected, rather than pay the ransom, you should wipe and reinstall the operating system, and restore from a known good backup. Equally important, however, is that this backup location should not be ‘always on’. In other words, it should not be accessible to the ransomware. Maintaining a password management system to access this backup location will also ensure unintended access cannot be granted.
- Use effective Application Control: Controlling which applications are even allowed to execute should be a critical priority in your security model. PowerBroker for Windows includes Application Control as part of its core functionality. Additionally, these policies can be triggered based on the state of the machine, (e.g. If SMB 1 is enabled, do not allow the execution of certain applications).
Jason Silva, Sr. Solutions Engineer, BeyondTrust
Jason Silva brings over 25 years of solutions and management experience to the industry. Currently serving as Senior Solutions Engineer for BeyondTrusts' Universal Privilege Management Platform, he uses this knowledge to help customers realize the value of our solutions throughout the product lifecycle. Earlier in his career, he found success as a software developer in a global consulting company and spent over four years managing IT and Regulatory Compliance in the banking industry.
Specialties: Microsoft Active Directory, Microsoft Group Policy, Pre and Post Sales Training, Sales Engineering, Enterprise Security Tools, Privileged Access Management