Advertise on ITWeb         Mon, 18 Dec, 01:16:16 AM

DCC warns against spread of Petya ransomware

Drive Control Corporation, an official Symantec distributor, has alerted the ICT channel, businesses and individual PC users against the new strain of the Petya ransomware which started propagating yesterday (27 June 2017). Petya, similar to WannaCry, uses the External Blue (the MS17-010) vulnerability as one of the means to propagate.

Already cases of infection have been reported worldwide, with the latest attack displaying a ransom note demanding a payment of $300 in bitcoins for files to be recovered. Petya differs from other ransomware as it not only encrypts the files but also overwrites and encrypts the master boot record (MBR).

Fred Mitchell, division manager at Drive Control Corporation (DCC) comments that companies should never pay the ransom as it only encourages and funds attacks. "Also, don't provide any personal information when answering an e-mail, unsolicited phone call, text message or instant message.

"Phishers will try to trick employees into installing malware or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your co-workers receive suspicious calls.

"It's also vital to employ content scanning and filtering on mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat. All systems and software are up-to-date with relevant patches," he says.

Symantec Endpoint Protection (SEP) and Norton products proactively protect users against attempts to spread Petya using Eternal Blue. SONAR (Symantec Online Network for Advanced Response) behaviour detection technology also proactively protects against Petya infections.

Enjoyed this story? Subscribe to ITWeb's Security News newsletter.

Editorial contacts

Liquid Letters
Sasha Endemann
(082) 805 6302
This e-mail address is being protected from spambots, you need JavaScript enabled to view it


Our comments policy does not allow anonymous postings. Read the policy here




Sponsors Message