Charles Leaver – Ziften Customers Secure From Troublesome Petya Variant Flaw

Written By Josh Harriman And Presented By Charles Leaver Ziften CEO


Another outbreak, another problem for those who were not prepared. While this latest attack resembles the earlier WannaCry threat, there are some differences in this newest malware, which is a variant or new strain of Petya. Called NotPetya by some, this strain causes a lot of trouble for anyone who encounters it. It may encrypt your data, or render the system entirely unusable. And now the email address you would need to contact to 'perhaps' decrypt your files has been taken down, so there is no way to get your files back that route.

A lot of information about the behavior of this threat is already publicly available, but I wanted to discuss the fact that Ziften customers are protected from both the EternalBlue exploit, which is one of the mechanisms it uses to propagate, and, better still, by a vaccine based on a possible flaw, or its own kind of debug check, that prevents the threat from ever running on your system. The malware could still spread through the environment, but our protection has already been rolled out to all existing systems to stop the damage.

Our Ziften extension platform allows our customers to put defenses in place against specific vulnerabilities and malicious behaviors used by this threat and others like Petya. Beyond the specific actions taken against this particular variant, we have taken a broader approach to stopping strains of malware that perform various 'checks' against the system before they run.

We can also use our Search capability to hunt for traces of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used for lateral movement. We can search for those programs, their command lines and how they are used. Although both are legitimate tools, their use is usually uncommon on ordinary endpoints, and it can be alerted on.
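The hunt described above, written out as an added example that is not Ziften code and not part of the original post. It runs simple command-line heuristics over process-creation records to flag WMIC and PsExec lateral movement, grading a bare local invocation as low, a remote target as medium, and remote process creation as SYSTEM or via rundll32 as high; it also goes a step beyond the text by catching PsExec copied under a non-executable file name, where only the argument shape gives it away. The host names, users, addresses, the `payload.dat` name and every event below are constructed placeholders, not real telemetry.

```python
"""Hunt for WMIC / PsExec lateral-movement command lines in process-creation logs."""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ProcessEvent:
    host: str
    user: str
    image: str    # full path of the started executable, as logged
    cmdline: str  # command line, as logged


@dataclass
class Finding:
    host: str
    user: str
    tool: str      # "wmic" or "psexec"
    severity: str  # "low", "medium" or "high"
    reason: str
    cmdline: str


# Constructed sample events (hypothetical hosts, users, addresses and payload name).
SAMPLE_EVENTS = [
    ProcessEvent("ws01", r"CORP\alice", r"C:\Windows\System32\wbem\WMIC.exe",
                 "wmic os get caption"),
    ProcessEvent("ws01", r"CORP\alice", r"C:\Windows\System32\wbem\WMIC.exe",
                 'wmic /node:"10.0.0.25" /user:"CORP\\svc_backup" /password:"***" '
                 'process call create "C:\\Windows\\System32\\rundll32.exe '
                 '\\"C:\\Windows\\payload.dat\\",#1"'),
    ProcessEvent("ws02", r"CORP\bob", r"C:\Tools\PsExec.exe",
                 r'PsExec.exe \\10.0.0.40 -accepteula -s -d C:\Windows\System32\rundll32.exe "C:\Windows\payload.dat",#1'),
    ProcessEvent("ws03", r"CORP\carol", r"C:\Windows\System32\notepad.exe",
                 "notepad.exe report.txt"),
    ProcessEvent("ws04", r"CORP\dave", r"C:\Tools\PsExec64.exe",
                 r"PsExec64.exe \\fileserver01 ipconfig /all"),
    # PsExec copied under a non-exe name: the image name is useless, the argument shape is not.
    ProcessEvent("ws05", r"NT AUTHORITY\SYSTEM", r"C:\Windows\svchelper.dat",
                 r'"C:\Windows\svchelper.dat" \\10.0.0.51 -accepteula -s -d C:\Windows\System32\rundll32.exe "C:\Windows\payload.dat",#1'),
]

WMIC_NODE = re.compile(r"/node:", re.I)                          # remote target switch
WMIC_PROC_CREATE = re.compile(r"\bprocess\s+call\s+create\b", re.I)
PSEXEC_IMAGE = re.compile(r"^(psexec|psexesvc)(64)?\.exe$", re.I)
UNC_TARGET = re.compile(r"(^|\s)\\\\[\w.\-,]+")                  # \\host or \\ip[,...]
PSEXEC_FLAGS = re.compile(r"(^|\s)-(s|d|accepteula)(\s|$)", re.I)
PSEXEC_SYSTEM = re.compile(r"(^|\s)-s(\s|$)", re.I)              # run as SYSTEM
RUNDLL32 = re.compile(r"rundll32(\.exe)?", re.I)


def classify(ev: ProcessEvent) -> Optional[Finding]:
    """Return a Finding for WMIC/PsExec activity, or None for everything else."""
    name = ev.image.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    cmd = ev.cmdline

    if name == "wmic.exe":
        remote = bool(WMIC_NODE.search(cmd))
        creates = bool(WMIC_PROC_CREATE.search(cmd))
        if remote and creates:
            sev, why = "high", "WMIC remote process creation (/node + process call create)"
        elif remote:
            sev, why = "medium", "WMIC query against a remote host"
        else:
            sev, why = "low", "WMIC executed"
        if creates and RUNDLL32.search(cmd):
            why += "; payload launched through rundll32"
        return Finding(ev.host, ev.user, "wmic", sev, why, cmd)

    # Match PsExec by image name, or by its argument shape when the binary was renamed.
    looks_like_psexec = bool(UNC_TARGET.search(cmd)) and bool(PSEXEC_FLAGS.search(cmd))
    if PSEXEC_IMAGE.match(name) or looks_like_psexec:
        remote = bool(UNC_TARGET.search(cmd))
        if remote and (PSEXEC_SYSTEM.search(cmd) or RUNDLL32.search(cmd)):
            sev, why = "high", "PsExec-style remote execution as SYSTEM or via rundll32"
        elif remote:
            sev, why = "medium", "PsExec-style remote execution"
        else:
            sev, why = "low", "PsExec executed"
        if not PSEXEC_IMAGE.match(name):
            why += f" (renamed binary: {name})"
        return Finding(ev.host, ev.user, "psexec", sev, why, cmd)

    return None


def hunt(events: List[ProcessEvent]) -> List[Finding]:
    """Run classify() over a batch of events and keep only the hits."""
    return [f for f in (classify(e) for e in events) if f is not None]


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"[{f.severity:6}] {f.host} {f.user} {f.tool}: {f.reason}")
        print(f"         {f.cmdline}")
```

The low-severity hits are the ones the text calls uncommon but legitimate; they are worth a ticket, not a page. In a real deployment the records would come from the endpoint agent's process telemetry rather than the inline list, and the `-s`/`/node:` heuristics should be tuned against a baseline of how administrators in your environment actually use these tools.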

With WannaCry, and now NotPetya, we expect to see a continued rise in these kinds of attacks. The public release of the NSA exploits has given ambitious cyber criminals the tools they need to push out their malware. And although ransomware can be a high-profile vehicle, more destructive threats could be launched the same way. It has always been 'how' to get the threat to spread (worm-like, or through social engineering) that is most challenging for them.