Written by Josh Harriman and presented by Charles Leaver, Ziften CEO
Another outbreak, another headache for those who were not prepared. While this newest attack resembles the earlier WannaCry threat, there are some differences in this latest malware, which is a variant or new strain much like Petya. Called NotPetya by some, this strain causes a lot of problems for anyone who encounters it. It may encrypt your data, or it may make the system entirely unusable. And the email address you would need to contact to 'perhaps' decrypt your files has now been taken down, so you are out of luck retrieving your files.
Plenty of information about the behavior of this threat is publicly available, but I wanted to point out that Ziften customers are protected from both the EternalBlue exploit, which is one mechanism used for its propagation, and, better still, by an inoculation based on a possible flaw, or its own kind of debug check, that prevents the threat from ever executing on your system. It could still spread through the environment, but our protection would already be deployed to all existing systems to stop the damage.
Our Ziften extension platform enables our customers to have protection in place against specific vulnerabilities and malicious behaviors for this threat and others like Petya. Beyond the specific actions taken against this particular variant, we have taken a holistic approach to stopping strains of malware that perform numerous 'checks' against the system before running.
We can also use our Search capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can search for those programs, their command lines, and their usage. Even though they are legitimate processes, their use is generally uncommon and can be alerted on.
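As an added example of the kind of hunt described above (this is not Ziften's Search feature or its code), the Python below walks a set of constructed process-creation records and flags WMIC and PsExec invocations whose arguments point at remote hosts. The pipe-delimited record format, the sample log lines, the host names, IP addresses and the `payload_placeholder.dll` path are all assumptions made for the example; the `/node:`, `process call create`, `\\host`, `-s` and `-d` argument forms are standard WMIC and PsExec syntax.

```python
"""
Hunt for remote-execution use of WMIC and PsExec in process-creation logs.

Added example, not Ziften code. Record format is a constructed, simplified
process-creation line:  timestamp|host|user|parent_image|image|command_line
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Argument forms that turn a normally legitimate admin tool into a
# remote-execution indicator (standard WMIC / PsExec syntax).
WMIC_REMOTE = re.compile(r"/node:\s*\S+", re.IGNORECASE)          # target another machine
WMIC_CREATE = re.compile(r"process\s+call\s+create", re.IGNORECASE)  # spawn a process there
PSEXEC_TARGET = re.compile(r"\\\\[\w.\-]+")                       # \\HOST or \\ip
PSEXEC_SERVICE = re.compile(r"\s-[sd]\b", re.IGNORECASE)          # -s (run as SYSTEM) / -d (detached)


@dataclass
class Finding:
    host: str          # host on which the process was created
    image: str         # executable name, lower-cased
    reason: str        # why it was flagged
    command_line: str  # full command line (may contain credentials; see note below)


def parse_record(line: str) -> Optional[dict]:
    """Split one constructed record; command line may itself contain '|'."""
    parts = line.strip().split("|", 5)
    if len(parts) != 6:
        return None
    ts, host, user, parent, image, cmd = parts
    return {"ts": ts, "host": host, "user": user, "parent": parent,
            "image": image.lower(), "cmd": cmd}


def hunt(lines: List[str]) -> List[Finding]:
    """Return one Finding per WMIC/PsExec command line that looks like remote execution."""
    findings: List[Finding] = []
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        exe = rec["image"].rsplit("\\", 1)[-1]
        cmd = rec["cmd"]
        if exe == "wmic.exe":
            # Local inventory queries (e.g. "wmic os get caption") are common and benign;
            # only the /node: form targets a remote system.
            if WMIC_REMOTE.search(cmd) and WMIC_CREATE.search(cmd):
                findings.append(Finding(rec["host"], exe, "wmic remote process creation", cmd))
            elif WMIC_REMOTE.search(cmd):
                findings.append(Finding(rec["host"], exe, "wmic targeting remote node", cmd))
        elif exe in ("psexec.exe", "psexec64.exe"):
            # Any PsExec use is worth a look; record what makes this one interesting.
            reasons = []
            if PSEXEC_TARGET.search(cmd):
                reasons.append("remote target")
            if PSEXEC_SERVICE.search(cmd):
                reasons.append("service/detached flags")
            findings.append(Finding(rec["host"], exe,
                                    "psexec: " + (", ".join(reasons) or "any use"), cmd))
    return findings


# Constructed sample records (not real telemetry). The WMIC line carries a
# credential on the command line, as the /password: switch does; real logging
# pipelines should mask that field before storage.
SAMPLE_LOG = [
    "2017-06-27T10:01:05|WS01|corp\\alice|explorer.exe|C:\\Windows\\System32\\wmic.exe|"
    "wmic os get caption",
    "2017-06-27T10:02:11|WS01|corp\\alice|cmd.exe|C:\\Windows\\System32\\wmic.exe|"
    "wmic /node:\"10.0.0.5\" /user:\"corp\\admin\" /password:\"REDACTED\" "
    "process call create \"rundll32.exe C:\\Windows\\payload_placeholder.dll,#1\"",
    "2017-06-27T10:02:40|WS01|corp\\alice|cmd.exe|C:\\Windows\\Temp\\psexec.exe|"
    "psexec.exe \\\\10.0.0.6 -accepteula -s -d rundll32.exe C:\\Windows\\payload_placeholder.dll,#1",
    "2017-06-27T10:03:00|WS02|corp\\bob|cmd.exe|C:\\Tools\\PsExec64.exe|"
    "PsExec64.exe \\\\WS03 -i notepad.exe",
    "2017-06-27T10:04:00|WS02|corp\\bob|explorer.exe|C:\\Windows\\notepad.exe|"
    "notepad.exe report.txt",
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f"{f.host}: {f.image} -> {f.reason}\n    {f.command_line}")
```

Run against the sample, the benign `wmic os get caption` and `notepad.exe` lines pass silently while the three remote-execution lines are reported, which is the shape of the alert the text describes: legitimate binaries, flagged on the uncommon arguments rather than on the binary itself.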
With WannaCry, and now NotPetya, we expect to see a continued rise in these types of attacks. The release of the recent NSA exploits has given ambitious attackers the tools they need to push out their wares. And though ransomware can be a high-commodity vehicle, more damaging threats could be launched the same way. It has always been 'how' to get the threats to spread (worm-like, or through social engineering) that is most challenging for them.