Semalt Expert – How To Combat Petya, NotPetya, GoldenEye And PetrWrap?
Forcepoint Security Labs has referred to it as a Petya outbreak, while other vendors use alternative and additional names for it. The sample passes the duck test: it behaves like Petya, encrypting files on disk without changing their extensions. It also encrypts the Master Boot Record, which affects the machine when it is next rebooted.
Paying Petya's ransom demand
Igor Gamanenko, the Customer Success Manager of Semalt, advises against paying the ransom under any circumstances.
It is better to deactivate your email ID than to pay a ransom to the attacker. Their payment mechanisms are usually fragile and illegitimate. If you pay the ransom through a Bitcoin wallet, the attacker may take far more money from your account without your knowledge.
These days it has become very hard to recover unencrypted files, even though decryption tools may become available in the coming months.
Infection Vector & Protection Statement
Microsoft states that the initial infection vector involved malicious code delivered through illegitimate software updates. In such circumstances, the affected vendor may not be in a good position to detect the problem.
The current iteration of Petya aims to avoid the communication vectors that are covered by email security and web security gateways. Many samples have been analyzed with different credentials in an effort to find a solution to the problem.
The combination of WMIC and PSEXEC commands is far more effective than the SMBv1 exploit. As of now, it is unclear whether an organization that trusts third-party networks will understand the rules and regulations of those other organizations.
Thus, Petya brings no surprises for the Forcepoint Security Labs researchers. As of June 2017, Forcepoint NGFW can detect and block the SMB exploits leveraged by the attackers.
Deja vu: Petya Ransomware and SMB propagation abilities
The Petya outbreak was recorded in the fourth week of June 2017. It has had a great impact on various international firms, with news websites reporting that the effects are long-lasting. Forcepoint Security Labs has analyzed and reviewed various samples associated with the outbreak. The Forcepoint Security Labs reports do not yet appear complete, and the company requires additional time before it can draw conclusions. There is also a significant delay between the malware running and the encryption procedure.
Given that the malware reboots the machines it infects, it may take several days before the final results are revealed.
Conclusion and recommendations
Conclusions about the far-reaching implications of the outbreak are hard to draw at this stage. However, it looks like the final attempt to deploy self-propagating ransomware. As of now, Forcepoint Security Labs intends to continue its research into the possible threats. The company may soon publish its final results, but that requires a significant amount of time. The use of SMBv1 exploits will be detailed once Forcepoint Security Labs presents its results. You should make sure that security updates are installed on your computer systems. In line with Microsoft's guidance, clients should disable SMBv1 on every Windows system where it is not needed for the functions and performance of the system.
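The two recommendations above (install security updates, disable SMBv1) can be checked and applied from an elevated PowerShell session. The following script is an added example and is not part of the Semalt article or of any Forcepoint tooling; it uses only built-in Windows cmdlets (Get-SmbServerConfiguration, Set-SmbServerConfiguration, Get-WindowsOptionalFeature, Disable-WindowsOptionalFeature, Get-HotFix). The switch name $Remediate and the KB identifier in $RequiredKb are assumptions of this example: the article names no specific update, so the KB value is a placeholder to be replaced from your own patch policy.

```powershell
# Added example (not from the original article): audit, and optionally disable,
# SMBv1 on a Windows host, then check for a required security update.
# Run in an elevated PowerShell session (Windows 8.1 / Server 2012 R2 or later
# for the Smb* cmdlets). The -Remediate switch is an assumed name for this example.
param([switch]$Remediate)

# 1. Server-side SMBv1 setting.
$server = Get-SmbServerConfiguration
Write-Host "SMBv1 server protocol enabled: $($server.EnableSMB1Protocol)"

# 2. Optional-feature state (covers the SMB1 client components as well).
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Write-Host "SMB1Protocol feature state: $($feature.State)"

if ($Remediate) {
    if ($server.EnableSMB1Protocol) {
        # Turn off the server-side protocol immediately; no reboot needed for this step.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        Write-Host "SMBv1 server protocol disabled."
    }
    if ($feature.State -eq 'Enabled') {
        # Remove the SMB1 feature; removal completes on the next reboot.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
        Write-Host "SMB1Protocol feature disabled; reboot required to complete removal."
    }
}

# 3. Security-update check. The article names no KB number, so this value is a
#    PLACEHOLDER to be replaced with the update your patch policy requires.
$RequiredKb = 'KB0000000'
if (Get-HotFix -Id $RequiredKb -ErrorAction SilentlyContinue) {
    Write-Host "$RequiredKb is installed."
} else {
    Write-Host "$RequiredKb not found; verify the SMB security update has been applied."
}
```

Run the script without arguments to audit only; pass -Remediate to disable SMBv1 in place. Disabling the server protocol takes effect immediately, while removing the optional feature is only complete after a reboot, so an audit run straight after remediation may still report the feature as enabled until the host restarts.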