Chuck Leaver – Ziften Clients Are Protected From The Flaw In Petya Variant

Written By Josh Harriman And Presented By Chuck Leaver Ziften CEO

 

Another outbreak, another problem for those who were not prepared. While this latest attack is similar to the earlier WannaCry threat, there are some differences in this latest malware, which is a variant or new strain much like Petya. Dubbed NotPetya by some, this strain causes a great many problems for anyone who encounters it. It may encrypt your data, or make the system entirely unusable. And now the email address that you would need to contact to ‘maybe’ decrypt your files has been removed, so you’re out of luck getting your files back.

Plenty of details on the behavior of this threat are publicly available, but I wanted to point out that Ziften customers are protected from both the EternalBlue threat, which is one mechanism used for its propagation, and, better still, by an inoculation based on a possible flaw, or its own kind of debug check, that prevents the threat from ever executing on your system. It could still spread in the environment, but our protection would already be rolled out to all existing systems to halt the damage.

Our Ziften extension platform allows our customers to have protection in place against specific vulnerabilities and malicious actions for this threat and others like Petya. Besides the specific actions taken against this particular variant, we have taken a holistic approach to stop certain strains of malware that perform various ‘checks’ against the system before executing.

We can also use our Search capability to look for remnants of the other propagation techniques used by this threat. Reports show WMIC and PsExec being used. We can search for those programs and their command lines and usage. Although they are legitimate processes, their use is normally rare and can be alerted on.
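As an added example (not Ziften's Search feature and not code from the original post), the following Python runs the kind of search described above over constructed process-creation records, separating WMIC and PsExec runs aimed at another host from local use. The record layout, labels, host names and sample command lines are assumptions made for illustration.

```python
import re
from collections import Counter
from ntpath import basename  # parses Windows paths on any OS

# WMIC pointed at another host and asked to start a process there.
WMIC_REMOTE = re.compile(r"/node:\s*\S+.*\bprocess\s+call\s+create\b", re.I)
# PsExec given a \\computer target.
PSEXEC_REMOTE = re.compile(r"\\\\[\w.\-]+")

def classify(image, cmdline):
    """Return a finding label for one process-creation record, or None."""
    name = basename(image).lower()
    if name == "wmic.exe":
        return "wmic-remote-exec" if WMIC_REMOTE.search(cmdline) else "wmic-local"
    if name in ("psexec.exe", "psexec64.exe"):
        return "psexec-remote" if PSEXEC_REMOTE.search(cmdline) else "psexec-local"
    return None  # not one of the two tools we are searching for

def hunt(events):
    """Return (findings, count of remote-execution hits per source host)."""
    findings, per_host = [], Counter()
    for host, image, cmdline in events:
        label = classify(image, cmdline)
        if label is None:
            continue
        findings.append((host, label, cmdline))
        if "remote" in label:
            per_host[host] += 1
    return findings, per_host

# Constructed sample records (host, image path, command line); not real telemetry.
SAMPLE_EVENTS = [
    ("ws-01", r"C:\Windows\System32\wbem\WMIC.exe",
     r'wmic /node:"fs-02" process call create "notepad.exe"'),
    ("ws-01", r"C:\Tools\PsExec.exe", r"psexec.exe \\fs-02 -accepteula -s cmd.exe"),
    ("ws-07", r"C:\Windows\System32\wbem\WMIC.exe", "wmic os get caption"),
    ("ws-07", r"C:\Windows\System32\notepad.exe", "notepad.exe report.txt"),
]

if __name__ == "__main__":
    findings, per_host = hunt(SAMPLE_EVENTS)
    for host, label, cmdline in findings:
        print(f"{host:6} {label:17} {cmdline}")
    print("remote-execution hits per host:", dict(per_host))
```

Because both tools are legitimate, the per-host count is the useful signal: a workstation that suddenly launches them against other machines stands out against a baseline where such use is rare.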

With WannaCry, and now NotPetya, we expect to see a continued rise in these kinds of attacks. The release of the recent NSA exploits has given ambitious cyber criminals the tools they need to push out their wares. And though ransomware threats can be a high commodity vehicle, more damaging threats could be launched. It has always been ‘how’ to get the threats to spread (worm-like, or social engineering) that is the most challenging part for them.

~leaverchuck1

