Ransomware – Petya and its inevitable many variants
By now, most of the IT world has been made aware of a cyber attack initially focussed on the Ukraine. Almost following the sun’s dawn across the globe, the infection has spread to Europe, America and finally nit the Pacific nations..
Petya exploits the same vulnerabilities as the Wannacry ransomware infection of a few weeks ago. Goldeneye (Petya variant) has already made its presence known, with NotPerya, Petya.C and even a PetyaCry following on.
The initial attack vector was an update for a tax accounting app called Medoc. This was effected through the usual Phishing styled attacks, relying on the unobservant or uninformed (ooooh it's bright and shiny, let me get that!) opening up the payload as an attached Office document.
The BIG change from the initial attack is that variants collects locally stored login credentials, the uses a tool usually employed by Admin level staff (PsExec) to get in and cause damage….
Petya’s variants encrypt the Master Boot Record, effectively disabling the machine.
What to do if you think you are vulnerable?
Call me, or email me, and I will get my super tech team onsite to evaluate and assist in hardening your systems against attack
Anton
027 524 9995
anton.schutte@selectit.co.nz