
Promisec can help you prevent Petya Or NotPetya Ransomware

Our cloud-based tool can help your organization immediately detect the Petya or NotPetya vulnerability.

Register Free for an Integrity Account and scan within minutes.






What is Petya Or NotPetya Ransomware?

How to prevent it?

Researchers have spotted a variant of last year’s Petya ransomware, now with updated crypto and ransomware models.

Kaspersky’s Anton Ivanov and Fedor Sinitsyn say the attack, which they’ve dubbed “PetrWrap”, uses the PsExec tool to install ransomware on any endpoint it can access.

Rather than use the original Petya, which was cracked last April, “the group behind PetrWrap created a special module that patches the original Petya ransomware ‘on the fly’”, the Kaspersky post states.

  1. Deploy the latest Microsoft patches, including MS17-010, which patches the SMB vulnerability. Promisec can verify that the different patches are deployed and generate a report of the vulnerable endpoints. Promisec will verify that one of the available patches is installed. PEM will scan for the following patches: March Security Only Quality Update, April Security Only Quality Update, May Security Only Quality Update, June Security Only Quality Update and June Security Monthly Quality Rollup.
    A step-by-step explanation is in Appendix A, and/or call your support sales engineer at Promisec or a Promisec partner for assistance.
  2. Consider, with caution, disabling SMBv1 to prevent the malware from spreading. A Microsoft article elaborates on the different options: https://support.microsoft.com/en-us/help/2696547/how-to-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and-windows  With Promisec you can monitor and verify that SMBv1 is disabled if required. You can create a “user defined” registry object scan and look for the following key in the registry:

Key name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

Value: SMB1

Data: 0

  3. Ensure you have the latest updates installed for your anti-virus software. Promisec checks AV as part of the standard compliance scans and/or specific AV compliance scans on a regular basis.
  4. HASH Match with Promisec FIM module – In addition, you can use the Promisec FIM module to inspect endpoints for specific known hashes of Petya/NotPetya that are related to the attack. A step-by-step description is in Appendix 2. Customers that did not purchase this module are invited for a free 30-day trial – please contact your Promisec support rep.
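
The SMBv1 registry check from step 2, written out as a PowerShell audit. This is an added example, not Promisec's code; the function names `Test-Smb1Value` and `Get-Smb1RegistryState` are hypothetical, and remote checks assume PowerShell remoting (WinRM) is available. A missing value is reported separately from `0`, because absence means the operating system default applies and is not proof that SMBv1 was disabled.

```powershell
# Added example: audit the SMB1 registry value named above on one or more hosts.
# Test-Smb1Value and Get-Smb1RegistryState are hypothetical helper names.

$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$ValueName = 'SMB1'

function Test-Smb1Value {
    # Classify the raw registry data. $null means the value does not exist.
    param($Data)
    if ($null -eq $Data)  { return 'NotSet' }    # OS default applies; not confirmed disabled
    if ([int]$Data -eq 0) { return 'Disabled' }  # matches the expected Data: 0
    return 'Enabled'
}

function Get-Smb1RegistryState {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    $read = {
        param($Path, $Name)
        # Yields $null when the key or the value is missing.
        (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
    }

    foreach ($computer in $ComputerName) {
        try {
            if ($computer -eq $env:COMPUTERNAME) {
                $data = & $read $KeyPath $ValueName
            } else {
                # Assumption: WinRM remoting is enabled on the target endpoint.
                $data = Invoke-Command -ComputerName $computer -ScriptBlock $read `
                            -ArgumentList $KeyPath, $ValueName -ErrorAction Stop
            }
            $state = Test-Smb1Value $data
        } catch {
            $data  = $null
            $state = 'Unreachable'  # never count an unread host as compliant
        }
        [pscustomobject]@{
            ComputerName = $computer
            SMB1Data     = $data
            State        = $state
            Compliant    = ($state -eq 'Disabled')
        }
    }
}

# Local check; pass -ComputerName with a list of hosts to audit remote endpoints.
Get-Smb1RegistryState | Format-Table -AutoSize
```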

1. Deploy the latest Microsoft patches

This includes MS17-010, which patches the SMB vulnerability. Promisec can verify that the different patches are deployed and generate a report of the vulnerable endpoints. Promisec will verify that one of the available patches is installed. PEM will scan for the following patches: March Security Only Quality Update, April Security Only Quality Update, May Security Only Quality Update, June Security Only Quality Update and June Security Monthly Quality Rollup.

Step by step in PEM:

1. Report template loading – upload the file Petya -NotPetya – WannaCry Detailed by Host Report.rdl (attached) to the reporting services:

2. Apply the monthly update June-17-PEM-5.pkg

3. Check update

4. Build Configuration for Petya -NotPetya – WannaCry exposure scan

5. Generate Petya -NotPetya – WannaCry Detailed Report by Host

1. Create Cyber Configuration (FIM HASH Match is part of this configuration)

2. Load the list of hashes known as part of the Petya/NotPetya IOCs (Indicators of Compromise) from the attached .txt file:

Promisec can help you prevent NotPetya ransomware

  • Light touch on premise installation plus optional cloud scanning capabilities.
  • Rapid search and detect functionality across 1000s of endpoints
  • Quick patch deployment and verification
  • Get it now for 90 days, no cost!

Contact us today to see how we can help against NotPetya!