
Recovering from the PetyaWrap Ransomware Attack & Preparing for Whatever’s Next

Businesses that fail to secure their networks from known exploits will continue to be targeted by malware attacks. Yesterday, those who didn’t learn this lesson during the recent WannaCry fiasco got a malicious reminder to regularly update network security and patch their OS.

PetyaWrap (also known as GoldenEye or NotPetya), the latest ransomware variant to wreak global havoc, first tries to spread much like its sibling WannaCry, via the EternalBlue exploit famously leaked from the NSA’s “stockpile of vulnerabilities.” However, PetyaWrap can also replicate through Microsoft’s native remote execution tool PsExec, provided it can obtain the permissions to do so. The worm gathers permissions and user information through the embedded Mimikatz password recovery tool LSADUMP. So far, PetyaWrap has only proliferated across LANs, and there are no reports of the malware spreading through phishing emails across the open internet. The victims of PetyaWrap include banks, airports and critical infrastructure, including the Chernobyl nuclear plant and scores of Ukrainian government facilities.
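One way to spot the PsExec-based spread described above in Windows logs, as an added example that is not part of the original post: it flags any account that installs the PsExec service on several hosts within a few minutes. The CSV layout, host names, accounts and times are constructed for illustration; `PSEXESVC` is PsExec's default service name and 7045 is the Windows "service installed" event.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: System-log event 7045 records collected from several hosts
# and flattened to CSV. The column names are a hypothetical export format.
SAMPLE_CSV = r"""time,host,event_id,service_name,installed_by
2024-01-15T10:01:05,WS-014,7045,PSEXESVC,CORP\svc-deploy
2024-01-15T10:01:40,WS-022,7045,PSEXESVC,CORP\svc-deploy
2024-01-15T10:02:10,FS-003,7045,PSEXESVC,CORP\svc-deploy
2024-01-15T10:02:15,WS-031,7045,Google Update Service,CORP\alice
2024-01-15T10:03:30,DC-001,7045,PSEXESVC,CORP\svc-deploy
2024-01-15T14:20:00,WS-014,7045,PSEXESVC,CORP\helpdesk1
"""

# Default PsExec service name. It can be changed by the caller, so treat a
# match as one signal and not as proof of absence when nothing matches.
PSEXEC_SERVICE = "PSEXESVC"


def find_psexec_fanout(csv_text, window=timedelta(minutes=5), min_hosts=3):
    """Return {account: sorted hosts} for accounts that installed the PsExec
    service on at least min_hosts distinct hosts inside one time window."""
    installs = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event_id"] != "7045":
            continue
        if row["service_name"].strip().upper() != PSEXEC_SERVICE:
            continue
        when = datetime.fromisoformat(row["time"])
        installs[row["installed_by"]].append((when, row["host"]))

    alerts = {}
    for account, hits in installs.items():
        hits.sort()
        # Slide a window starting at each install and count distinct hosts.
        for i, (start, _) in enumerate(hits):
            hosts = {h for t, h in hits[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                alerts[account] = sorted(hosts)
                break
    return alerts


if __name__ == "__main__":
    for account, hosts in find_psexec_fanout(SAMPLE_CSV).items():
        print(f"ALERT {account}: PsExec service installed on {len(hosts)} hosts: {hosts}")
```

A single administrator using PsExec on one machine stays below the threshold; tune `window` and `min_hosts` to the normal deployment tooling on the network.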

So, what do you do if you’ve been infected? The anonymous email account used to collect payment information has since been shut down, with no further instructions for victims on recovering their data. Of course, in any instance of ransomware, there is neither a guarantee nor a likelihood that data will be returned to the victim after the ransom has been paid.

The best defense against ransomware is an aggressive and proactive security policy. Prevention is key, and we hope that you had the foresight to develop an effective prevention and recovery plan:

  1. Maintain all software updates and patches, including the EternalBlue patch MS17-010
  2. Regularly back up data and securely store backups
  3. Use up-to-date anti-virus and detection software, including anti-ransomware protection
  4. Enforce a stringent password policy, restrict user privileges and access, and secure network segments
  5. Be sensible and exercise caution whenever using technology


If you’d like to learn more about protecting your finances, your customers, and your data from ransomware attacks like WannaCry and PetyaWrap, click here to read our white paper “Protect Your Data from Ransomware.”

