Ms. Sharda Tickoo, Technical Head, Trend Micro India, said, “In India, so far we have no cases of Petya that have been reported to us. The countries most affected are Europe, typically Ukraine and Russia. We would recommend that companies maintain the important hygiene of updating systems with the latest patches, or consider using virtual patching in their absence. Take regular backups of necessary data and proactively monitor the systems for any suspicious activity. And most importantly, because it is a ransomware, we have to secure the email gateway first. There are also certain URL categorizations that should be employed in the work environment which can block access to malicious websites. Ensure that all the workstations have least privilege unless any workstation actually requires administrator privilege, as the ransomware spreads and tries to escalate the privileges. As it uses certain administrative tools like PowerShell, ensure that these utilities are restricted to administrators.”
Pointing out the similarities and differences with other ransomware, she further added, “There are a lot of similarities that are being drawn between Petya and WannaCry. WannaCry was a very basic form of ransomware attack and it used worm-like techniques. Petya seems to be a thorough ransomware which uses different modalities. It is using the EternalBlue vulnerability. It leverages multiple infection vectors, not just one. The Petya ransomware modifies the Master Boot Record (MBR) and encrypts the system files. Once the MBR is modified by this ransomware, the system displays the ransom note instead of a black or blue screen, while normal ransomware does not touch the MBR, but encrypts files and asks for ransom. The Petya ransomware is a combination of a wiper and a ransomware, because it wipes the MBR.”
About Trend Micro
Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and control, enabling better, faster protection. With more than 5,000 employees in over 50 countries and the world’s most advanced global threat intelligence, Trend Micro enables organizations to secure their journey to the cloud. For more information, visit www.trendmicro.com.