After Wannacry ransomware attack last month, there is another attack the world is seeing which is believed to be a variant of the Petya ransomware virus starting 27th June 2017. As of now, this variant of Petya seems to have been released with EternalBlue exploit code, which WannaCry also utilized to propagate itself inside organizations. The delivery methods of this variant are believed to be via phishing emails or scams with the payload requiring local administrator access. You can read more about the Petya attack here:
Radia – ways to help protect your organization:
Microsoft has released a blog article that explains what this ransomware attack is, how it spreads through the network and the steps to protect your Endpoint infrastructure from this attack. The section ‘Protection against this new ransomware attack’ in the above article has outlined different steps the IT admins need to take to safeguard from this attack. You can read the article here:
This ransomware also mainly exploits the vulnerability present in the Microsoft’s implementation of Server Message Block (SMB) protocol. Accelerite team has released a customer advisory for Wannacry that has the details of various Windows operating systems and the respective security patches to be applied to protect the endpoints from this SMB vulnerability. As the same vulnerability holds good for this new Petya Cyber-attack, Accelerite customers are requested to read the advisory and ensure that the end points are patched up to date before following the additional steps outlined by Microsoft in the technet blog article above. You can read the Accelerite WannaCry customer advisory at:
This is a fast developing situation and we aim to keep posting updates here to provide the best protection for all our customers. Please watch this space.
If you have any more questions, please write to us at firstname.lastname@example.org