Over the past 24-48 hours there have been multiple reports of a new ransomware outbreak that initiated in Europe and has spread to the United States. It has been identified as an updated strain of the Petya ransomware and has been called many different names including Petya, NotPetya and Goldeneye.
As of right now the outbreak is smaller than WannaCry but the ransomware is more advanced and has even taken down large banks, airports and energy companies. This malware can arrive through a Microsoft Word document (among other methods) within an email and then spread via the local network (LAN) using the “EternalBlue” exploit along with another NSA exploit called ETERNALROMANCE. Both exploits have been patched by Microsoft. Wanna Cry also used the “EternalBlue” exploit but it reached further since it spread via the Internet rather than via the LAN.
What Can You Tell Your Customers To Do?
1. Do not open Microsoft Word documents sent in an email from unknown individuals or from sources that seems suspicious.
2. We recommend that your customers update their Windows Operating System immediately if they have not done so. You can also direct them to the Microsoft support site where they can set up automatic Windows Updates.
3. We also recommend that they have an advanced anti-malware/anti-ransomware solution in place that can prevent the execution of ransomware. SecureIT Plus, (included in all Tech Home packages), maximizes protection for consumers, while SecureIT Pro, (included in Tech Office) helps keep businesses safe from these type of threats.
4. Advanced users of Windows can create their own “vaccine” for this specific ransomware. Important Note: This may only work for some strains. It is not a solution for all. We still recommend that customers update Windows and get a behavior based anti-virus solution in place first.
There is no known kill-switch for this ransomware at this time so it is very important to be vigilant. Backup files, update operating systems and make sure anti-virus/anti-ransomware is in place.
Contact us for details on Tech Home and Tech Office at 1-877-725-4839 or email partners@securitycoverage.com.
