Recovering from the PetyaWrap Ransomware Attack & Preparing for Whatever’s Next

As the saying goes, “Fool me once…”

Businesses that fail to close known, already-patched exploits in their networks will keep being targeted by malware. Yesterday, those who did not learn this lesson from the recent WannaCry outbreak got another malicious reminder to keep their network defences current and their operating systems patched.

PetyaWrap, also known as GoldenEye and NotPetya, is the latest ransomware variant to wreak global havoc. Like its sibling WannaCry, it first tries to spread through the EternalBlue SMB exploit famously leaked from the NSA's "stockpile of vulnerabilities." Unlike WannaCry, however, it does not depend on that exploit alone: it can also move laterally with Microsoft's Sysinternals remote-execution tool PsExec, provided it has obtained credentials with the rights to do so. It harvests those credentials and user information with an embedded credential-dumping tool derived from Mimikatz (its LSADUMP functionality), which means one unpatched or already-compromised host can seed infection of fully patched neighbours on which the same accounts are valid. So far PetyaWrap has only spread within local networks; there are no reports of it spreading by phishing email across the open internet. Its victims include banks, airports and critical infrastructure, among them the Chernobyl nuclear plant and scores of Ukrainian government facilities.

So, what do you do if you have been infected? The anonymous email account the attackers used to collect payment details has since been shut down, so victims have no way to reach them and no further instructions for recovering their data. In any case of ransomware, paying the ransom offers neither a guarantee nor much likelihood that the data will be returned.

The best defence against ransomware is an aggressive, proactive security policy. Prevention is key, and we hope you had the foresight to put an effective prevention and recovery plan in place:

  1. Keep all software updated and patched, including the MS17-010 update that closes the EternalBlue vulnerability
  2. Back up data regularly and store the backups securely, where the malware cannot reach and encrypt them along with the live data
  3. Use up-to-date anti-virus and detection software, including anti-ransomware protection
  4. Enforce a stringent password policy, restrict user privileges and access so that one stolen credential does not open every machine, and segment the network
  5. Be sensible and exercise caution whenever using technology
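The following script is an added example, not code from the original article or from any vendor, that audits a Windows host against the parts of the list above that map directly onto PetyaWrap's two propagation paths: the MS17-010 patch and SMBv1 exposure for EternalBlue, and the remote use of local administrator accounts that PsExec-style lateral movement relies on. It assumes an elevated PowerShell session on Windows 8.1 / Server 2012 R2 or later (the SMB cmdlets do not exist on Windows 7), and the KB list is an assumption that covers common MS17-010 packages but is not exhaustive, so treat "not found" as "verify manually" rather than "vulnerable". It only reports; the remediation commands are printed for review rather than executed.

```powershell
# Added example: read-only audit of host controls relevant to PetyaWrap/NotPetya
# propagation (EternalBlue over SMBv1, credential reuse via PsExec/WMI).
# Assumptions: elevated session, Windows 8.1/2012 R2 or later, KB list partial.

# MS17-010 package IDs (assumed, partial). Later cumulative updates supersede
# these on Windows 10, so absence is a prompt to check, not proof of exposure.
$Ms17010Kbs = @(
    'KB4012212', 'KB4012215',              # Windows 7 / Server 2008 R2
    'KB4012213', 'KB4012216',              # Windows 8.1 / Server 2012 R2
    'KB4012214', 'KB4012217',              # Server 2012
    'KB4012606', 'KB4013198', 'KB4013429', # Windows 10 1507 / 1511 / 1607
    'KB4012598'                            # XP / Vista / Server 2003 / 2008
)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Patch level: is any of the expected MS17-010 hotfixes installed?
$installed = Get-HotFix | Where-Object { $Ms17010Kbs -contains $_.HotFixID }
if (-not $installed) {
    $findings.Add('No MS17-010 hotfix from the known list found; confirm patch level manually.')
}

# 2. SMBv1: EternalBlue targets SMBv1, so the server-side protocol should be off
#    and the optional feature removed.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings.Add('SMBv1 server protocol is enabled.')
}
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature -and $feature.State -eq 'Enabled') {
    $findings.Add('SMB1Protocol optional feature is installed.')
}

# 3. Remote use of local admin accounts: PsExec-style execution over ADMIN$ with a
#    *local* administrator account only works when UAC remote token filtering is
#    switched off (LocalAccountTokenFilterPolicy = 1). The default (absent or 0)
#    strips the admin token from remote logons of local accounts.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$filter = (Get-ItemProperty -Path $policyKey -Name LocalAccountTokenFilterPolicy `
           -ErrorAction SilentlyContinue).LocalAccountTokenFilterPolicy
if ($filter -eq 1) {
    $findings.Add('LocalAccountTokenFilterPolicy=1: local admin credentials can run code remotely via PsExec/WMI.')
}

# 4. Report. Remediation is printed, not applied, so it can be reviewed first.
if ($findings.Count -eq 0) {
    Write-Host 'No findings: MS17-010 hotfix present, SMBv1 disabled, remote token filtering in effect.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
    Write-Host 'Suggested remediation (review before running):'
    Write-Host '  Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force'
    Write-Host '  Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart'
    Write-Host "  Remove-ItemProperty -Path '$policyKey' -Name LocalAccountTokenFilterPolicy"
    Write-Host '  Install the MS17-010 update for this OS build, then reboot.'
}
```

The third check is the one most often overlooked: a host can be fully patched against EternalBlue and still be taken by PetyaWrap if the same local administrator password is reused across the fleet and remote token filtering has been turned off, because the worm then needs no exploit at all, only the credentials it dumped on the first victim. Unique local admin passwords per machine (for example via LAPS) and the default filtering setting close that path; disabling SMBv1 closes the other.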

If you’d like to learn more about protecting your finances, your customers, and your data from ransomware attacks like WannaCry and PetyaWrap, click here to read our white paper “Protect Your Data from Ransomware.”