Topic-icon Not Petya

5 months 2 weeks ago #3597 by mandyplayhard

It was reported that the suspected Petya virus was not a ransomware but a wiper. :ohmy: Countries affected by it are all scrambling, some has to rely on manual work as a consequence.

At home, we see how our businesses are responding to it, with several companies telling their staff not to turn on their computers as a precaution.Can't imagine the impact to us if it really hit us, given our heavy dependence on technology. The consolation is that we are not hit yet.

It is a wake-up call for us to think about enhancing our business contingency plans with such cyber attacks on the rise.

Please Log in or Create an account to join the conversation.

5 months 2 weeks ago #3598 by mightygal

Indeed....it is also a reminder that IT security should be given the due attention than a decade before. Could not emphasize enough how critical it is to have a strong cyber security strategy in any organisation.

Please Log in or Create an account to join the conversation.

5 months 2 weeks ago #3599 by moomoo77

mightygal wrote:

Indeed....it is also a reminder that IT security should be given the due attention than a decade before. Could not emphasize enough how critical it is to have a strong cyber security strategy in any organisation.
We need to think of business continuity in such situations because the ransomware lock up your entire computer system and if you decided not to pay, there goes your data. So it's always safer to keep a backup of your business data and emails.

Please Log in or Create an account to join the conversation.

5 months 2 weeks ago #3600 by merlionguy

Hmm... this must be one of the worst malware ever, quite scary it seems. i wonder could our antivirus be more proactive to protect our computers.

Please Log in or Create an account to join the conversation.

5 months 2 weeks ago #3602 by KudoShinichi

AV wont help it is a zero-day malware since AV is signature-based.

Please Log in or Create an account to join the conversation.

5 months 2 weeks ago #3603 by KudoShinichi

www.bleepingcomputer.com/news/security/v...ransomware-outbreak/
In the first hours of the attack, researchers believed this new ransomware was a new version of an older threat called Petya, but they later discovered that this was a new strain altogether, which borrowed some code from Petya, hence the reason why they recently started it calling it NotPetya, Petna, or as we like to call it SortaPetya.


www.csa.gov.sg/singcert/news/advisories-...tya-petna-ransomware

SingCERT recommends taking the following steps to secure your system
- Ensure that your Windows-based systems are fully patched. In particular, security update (MS17-010) should be applied.
- Ensure that your anti-virus software is updated with the latest malware definitions
- Perform file backups and store them offline so that it can be used to restore your systems if an attack occurs
- Block inbound connections on TCP Port 445
- Disable all unrequired services
- Monitor your systems for privilege escalation

Lateral Movement
Petya/Petna uses the Management Instrumentation Command-line(WMIC) tool, establishing connections to hosts on the local subnet and attempts to execute itself remotely on these hosts.

Petya/Petna uses ETERNALBLUE exploit tool on the local subnet to spread to additional hosts. The vulnerability exists because of the SMB version 1 server in various versions of Microsoft Windows accepting specially crafted packets from remote attackers, allowing them to execute arbitrary code on the target computer.

Petya/Petna scans the local network to discover enumerate ADMIN$ shares on other systems. If the infected system has sufficient rights to write and execute files, it then copies itself and executes the malware using PSEXEC.

Please Log in or Create an account to join the conversation.