Not Petya

We’ve had WannaCry, WannaCrypt, Petya and now Not Petya, all variants of a style of malware called crypto lockers.   Essentially software that gets onto your system and encrypts your files and stops you using them due to you not having the decryption key to open them.

The term ransomware is used because affected users usually must pay in anonymous payments called Bitcoins to release the decryption key from organised criminal groups.

Not Petya is merely todays latest variant.  Which differs from those we’ve seen in past weeks because it is encrypting the file system of Windows machines and altering Master Boot Record (MBR), preventing Windows machines from boot and leaving a lovely ransom note.

Top tips

Unfortunately, hindsight may have brought you to this post!  We hope not as the following often need some previous planning:

  • Backup, backup and backup! The best way of recovering your data from this type of malware is to restore from recent backups.  We recommend quite a number of different systems based on your maximum tolerable downtime requirements – talk to us for more information.
  • Patch your software and not just Windows. Obviously, the absolute minimum would be to carry out all the critical Windows updates on both servers and workstations.  We would also recommend that updates for other applications such as Adobe Acrobat, Java etc are done.  These can often be overlooked security holes that can allow malware in.  If you need help with patch management and compliance reporting, this is something Unleashed help our clients with.
  • Access management! We often find that users are given far too much access both to network shares and access to their workstations.  No user should have administrative rights and the ability to install software on their PC without a separate dedicated admin account and that includes IT Managers!  You guessed it, we can also help with identity and access management – and the most important bit the audit of those accounts.
  • You may ask what’s the use of antivirus as everyone is getting these issues with up-to-date antivirus software?  However, antivirus is often useless against new or 0-day viruses, but should one of the other steps above have failed, they offer another layer of defence.  More modern antivirus software which Unleashed deliver for our customers works with behavioural analysis, detecting unusual behaviour such as processing of encryption at an unusual point in your workday.
  • Firewalls and antispam. Modern next generation firewalls can detect unusual payloads being downloaded into the company and stop that activity in its tracks, much like modern antivirus they can also look at behavioural analysis.  They can also look at command and control activies and again block them.  Unleashed work with many firewall vendors and can find the best one for your company.

If you wish to read more tips, then read more on our post about steps for IT Managers to take.