Petya Ransomware

Action plan to improve your cyber resilience
against the latest mass outbreak

What is it?

Today a major new ransomware attack has hit businesses globally, initially in
Ukraine, Russia, and across Europe. It has been identified as an updated strain of
the Petya ransomware that was identified back in March.

The malware appears to arrive via a Microsoft Word document in an email and is then
able to spread rapidly to other machines on the network using the same EternalBlue
exploit used by WannaCry last month. Microsoft has patched the underlying
vulnerability in the SMBv1 file sharing protocol for all versions of Windows, but
machines where the hotfixes have not been deployed remain vulnerable.

Who is affected?

Over 150 countries and hundreds of thousands of computers across the globe in
several industry sectors have been affected, including high-profile companies such
as Maersk, WPP and the Ukrainian State Power Company.

What does it do?

When the Word document is opened, a file is dropped and executed. This creates a
scheduled task that reboots the machine an hour after infection. The malware also
searches infected machines for user credentials, which are then used to spread the
infection further across the network. Additionally, the malware spreads to other
unpatched machines on the network automatically and self-installs. After reboot, the
malware encrypts files and demands a ransom of $300.
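
The two host-side conditions described above (SMBv1 still enabled, and a scheduled task that reboots the machine) can be checked with a short read-only script. This is an added example, not part of the original advisory or any Mimecast tooling; it assumes Windows 8 / Server 2012 or later, an elevated session, and that the reboot task invokes shutdown.exe with a restart switch, which the advisory does not specify.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the advisory): triage one Windows host for the two
# conditions described above. Read-only; changes nothing on the host.

function Test-RebootCommand {
    param([string]$Execute, [string]$Arguments)
    # Assumption: the reboot is done with shutdown.exe and a restart switch
    # (/r or -r), run directly or through a wrapper such as cmd.exe /c.
    "$Execute $Arguments" -match '(?i)\bshutdown(\.exe)?\b.*\s[/-]r(\s|$)'
}

# 1. Is the SMBv1 server component still enabled?
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol

# 2. Which scheduled tasks would reboot this machine?
$rebootTasks = foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        # Only exec actions carry an Execute property; COM handlers do not.
        if (-not $action.Execute) { continue }
        if (Test-RebootCommand $action.Execute $action.Arguments) {
            [pscustomobject]@{
                Task     = $task.TaskPath + $task.TaskName
                State    = $task.State
                RunAs    = $task.Principal.UserId
                Command  = "$($action.Execute) $($action.Arguments)".Trim()
                # A one-time trigger with a near-future start matches the
                # "reboot an hour after infection" behaviour.
                Triggers = ($task.Triggers | ForEach-Object {
                    "$($_.CimClass.CimClassName) @ $($_.StartBoundary)"
                }) -join '; '
            }
        }
    }
}

# Summary first, then the details of each matching task.
[pscustomobject]@{
    Computer    = $env:COMPUTERNAME
    Smb1Enabled = $smb1Enabled
    RebootTasks = @($rebootTasks).Count
} | Format-List
$rebootTasks | Format-List
```

A matching task is a lead to investigate, not proof of infection, since patch-management and maintenance tools also schedule reboots.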

Are Mimecast Customers Safe?

Mimecast helps prevent email-borne attacks using Mimecast Targeted Threat
Protection – Attachment Protect, which is able to detect and block the infected Word
document email attachment, thereby preventing infections by this ransomware
via email.

For customers without Targeted Threat Protection, the anti-virus engines in Mimecast’s
Secure Email Gateway have signatures to detect this current variant of Petya.

While the initial infection is via a weaponized Word document sent in an email, we also
recommend customers review their web, endpoint, perimeter and other network
security in line with best practice for each of these areas.

