Petya ransomware variant strikes on a global scale

October 20, 2017

Firms across the globe have been hit by a variant of the Petya or Petwrap strain of ransomware impacting Windows servers, PCs, and laptops. Initial reports suggest this latest attack struck Ukraine first, but it has quickly spread to many other countries including Russia, Spain, France, the UK, the Netherlands, and the US. Currently the attackers are asking for $300 worth of Bitcoin to restore access to data.

So far, many high-profile organizations across the globe have been impacted, and national infrastructure in Ukraine has also been badly affected, including the state power utility, Kiev’s airport, and metro system. The attack, at this stage, appears to be smaller in scale than the WannaCry outbreak back in May, but we’ll be monitoring its scale and impact over the coming hours and days. At the time of writing, Kaspersky estimated around 2,000 users had been affected.

So what do we know about Petya?

Though this is suspected to be a variant of Petya, this form of ransomware isn’t a new phenomenon and has been around for a few years. What we know is that Petya is incredibly quick to spread and acts slightly differently to more traditional forms of ransomware. Rather than encrypting files one by one, Petya encrypts the location containing sensitive data, preventing access to those parts of the network.

The usual entry point for Petya is an email containing a Dropbox URL or an attachment, and the executable usually differs from one dropper to another. In the examination of previous instances of Petya, it’s also common to see this type of ransomware specifically targeting admin accounts to propagate across the corporate network. In order to execute, Petya needs to run with admin privileges.

This current Petya attack appears to be using the same EternalBlue exploit as WannaCry. EternalBlue was leaked by the Shadow Brokers hacker group in April and was developed by the US National Security Agency.

Could it have been avoided?

The short answer is yes. In the immediate aftermath of the WannaCry attack, it became clear that many organizations had failed to regularly update and patch their systems, with many relying on antiquated operating systems to keep the business running. While we’ve only just begun to understand how this latest attack operates, I’d suspect that some of those organizations impacted had dropped the ball when it came to basic security hygiene.

We also know from previous Petya attacks that it depends on victims executing the malware with administrator rights on Windows in order to have file system level access. Without admin rights it will fail, underlining once again the importance of adopting a least privilege approach to security.

It’s critical that businesses implement this security best practice, including regular patching, application control and removing admin rights. In our testing, we found that these simple measures prevented the majority of cyber attacks.
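To check two of these points on a single Windows host, the following PowerShell sketch lists who actually holds local admin rights and reports whether the SMBv1 server is still enabled. It is an added example, not code from the original post or from any vendor product; the function names are hypothetical, the link between EternalBlue and SMBv1 comes from Microsoft's public guidance rather than from this page, and it assumes an elevated PowerShell 5.1+ session.

```powershell
# Added example: host-level hygiene audit (function names are hypothetical).
# Assumption: elevated PowerShell 5.1+ on the Windows machine being checked.

function Get-LocalAdminReport {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group;
    # using the SID instead of the name works on localized Windows installs.
    try {
        $members = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop
    } catch {
        # Get-LocalGroupMember can fail when the group holds orphaned SIDs.
        Write-Warning "Could not enumerate Administrators: $($_.Exception.Message)"
        return
    }
    foreach ($m in $members) {
        # RID 500 is the built-in Administrator account; every other member
        # was added later and should be justified or removed.
        $isBuiltin = $m.SID.Value -match '^S-1-5-21-.*-500$'
        [pscustomobject]@{
            Name        = $m.Name
            ObjectClass = $m.ObjectClass       # User or Group
            Source      = $m.PrincipalSource   # Local, ActiveDirectory, ...
            NeedsReview = -not $isBuiltin
        }
    }
}

function Test-Smb1ServerEnabled {
    # Returns $true when this host still accepts SMBv1 connections,
    # the protocol version the EternalBlue exploit targets.
    [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
}

# Report: members that need review, then the SMBv1 state.
$admins = @(Get-LocalAdminReport)
$admins | Where-Object NeedsReview | Format-Table Name, ObjectClass, Source

if (Test-Smb1ServerEnabled) {
    Write-Warning 'SMBv1 server is enabled on this host.'
} else {
    Write-Output 'SMBv1 server is disabled.'
}
```

Nested groups appear as a single `Group` entry, so a domain group listed here still has to be expanded in the directory to see every account that inherits admin rights.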

Who is to blame?

Speculation as to who is behind this attack will now begin, and the obvious finger pointing will focus on nation states. North Korea has been heavily linked with last month’s WannaCry attack. However, this attack could just as easily originate from a sophisticated organized crime unit. You don’t need to be technical or have the resources of a nation state to write this type of malware; there are novices doing this using toolkits readily available on the Dark Web.

As more information on this latest Petya attack becomes available, we’ll be providing more insight and analysis on the Avecto blog page. For more information on ransomware attacks and ways to mitigate against them, visit www.avecto.com.

Andrew Avanessian,
