Drive Control Corporation, an official Symantec distributor, has warned the ICT channel, businesses and individual PC users about the new strain of the Petya ransomware, which started propagating on 27 June 2017. Like WannaCry, Petya uses the Eternal Blue (MS17-010) vulnerability as one of its means of propagation.
Cases of infection have already been reported worldwide, with the latest attack displaying a ransom note demanding a payment of $300 in bitcoins for files to be recovered. Petya differs from other ransomware in that it not only encrypts files but also overwrites and encrypts the master boot record (MBR).
Fred Mitchell, division manager at Drive Control Corporation (DCC), comments that companies should never pay the ransom as it only encourages and funds attacks. “Also, don’t provide any personal information when answering an e-mail, unsolicited phone call, text message or instant message.
“Phishers will try to trick employees into installing malware or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your co-workers receive suspicious calls.
“It’s also vital to employ content scanning and filtering on mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat. All systems and software are up-to-date with relevant patches,” he says.
Symantec Endpoint Protection (SEP) and Norton products proactively protect users against attempts to spread Petya using Eternal Blue. SONAR (Symantec Online Network for Advanced Response) behaviour detection technology also proactively protects against Petya infections.