Menu
Company
Solutions
Services
What's New
Resources
GTI Innovation Centre
Company
Company Profile
Solutions
Modernized Infrastructure
Security
Secure Hybrid Cloud
Storage & Disaster Recovery (DR)
Software Applications
Mobility
Services
Introduction
Infrastructure Services
Maintenance & Support
Managed Services
Cybersecurity Services
Cloud Services
Advanced Solution Platform Design & Implementation
What's New
Events
News
Resources
Brochures & Leaflets
GTI Interviews
GTI Success Stories
Promotions
GTI Innovation Centre
Overview
infrastructure
Modernized Infrastructure
security
Security
hybirdcloud
Secure Hybrid Cloud
recovery
Storage & Disaster Recovery (DR)
software
Software Applications
mobility
Mobility

Security News on Petwrap


On June 27, 2017, a new variant of Ransomware: Win32 / Petya was observed spreading in several countries. This is known as Petwrap / Petrwrap / Petya / NotPetya / Nyetya and the industry is debating if the ransomware is directly related to another known ransomware Petya.

The new variant added a worm-like capability that allows it to spread across affected networks. It was reported that the ransomware used phishing email to spread. It incorporated the attack method from the WannaCry ransomware targeting SMB v1.0 vulnerability. Once infected, the machine will spread via local network before it encrypts data on local machine.

HKCERT and Microsoft have published more details and recommend solutions to address this new variant of cyberthreat. The information links are provided below for easy reference. Companies should take action immediately to mitigate the risk.

The followings are actions recommended by HKCERT to address this threat:

  1. Apply latest Windows security update.
    Direct links for downloading patch for individual Windows versions are provided (exceptional Windows XP, Windows Server 2003 and Windows 8 patch also released):
    https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
    (please scroll down to the bottom for details)

  2. Minimize the number of people with domain administrative privilege in your organization and use normal privilege accounts in daily operation.

  3. Ensure the personal firewall is on and blocks incoming SMB traffic (close TCP ports 139 and 445 technically).

  4. Ensure that anti-virus or Internet security application is installed, and have its signature updated.

  5. Perform offline backup (i.e. backup in another storage device, disconnect it after backup).

  6. Do not open links and attachment in any suspicious emails.

  7. Ensure that your computer have baseline protection, i.e. enable and run Windows Update, install anti-virus application with signature updated, enable Windows Firewall.

 

Useful links:

HKCERT Alert: Petwrap / NotPetya Ransomware Encrypts Victim Data
http://www.hkcert.org/my_url/en/alert/17062801

Microsoft Security Update about Win32/Petya
https://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Win32/Petya

Microsoft Security Advices: Help prevent malware infection on your PC
https://www.microsoft.com/security/portal/mmpc/shared/prevention.aspx

FireEye threat research blog about this attack wave:
https://www.fireeye.com/blog/threat-research/2017/06/petya-ransomware-spreading-via-eternalblue-exploit.html

 

If you will need more information or any help of our GTI Security Consultants, please contact us at inquiry@gti.com.hk or 2881 4800. 

Security
Security
ISO-9001 ISO-20001 ISO-27001
ISO icon
Company
Solutions
Services
What's New
Resources
GTI Innovation Centre
Government SOA GTI Xpress Contact Us Careers CHINA Search
Copyright © 2024 GTI. All Rights Reserved. | Terms & Conditions | Privacy Statement
Copyright 2016 GTI. All rights reserved.
Terms & Conditions | Privacy Statement