Petya/Petwrap malware alert
April 20, 2018
Ransomware introduces malicious software onto a target computer or server to exploit one or more programmatic flaws and gain expanded access to the computer. With files “locked” with an encryption key that only the attacker possesses, the impacted user is asked to pay money—often in the digital currency bitcoin—to reinstate access to the encrypted files. Ransomware in itself is not the real risk. The risk lies in the impact to the business that is caused by a service or process that has been suddenly removed. Now, Ransomware-as-a-Service (RaaS) is enabling less-skilled malicious actors to employ this threat tactic, with high reward for little effort or technical knowledge.
In the last year, we have seen high-profile cyber attacks from destructive malware as a result of people mistakenly downloading malicious files. A variant of the Petya/Petwrap malware was in evidence in June 2017 when companies’ computers in Europe, the Middle East and the United States were hit with a ransom note demanding US$300 to recover their files. Such an incident not only highlights the frequency and sophistication of cyber threats, but also serves as a reminder of the outcomes of human error.
Download the report and take practical steps today to protect your organization from future malware attacks like Petya/Petwrap:
Adopt proactive prevention: Many, but not all, ransomware attacks are initiated by a disguised trustworthy entity asking for sensitive information via an electronic communication. This tactic is known as phishing, and employees can be helped to recognize such scams through prevention training and awareness programs. Make it easy for your employees to report fraudulent e-mails quickly, and keep testing internally to prove the training is working.
Elevate e-mail controls: Strengthening e-mail controls can often prevent malicious e-mails from reaching employees. Maintain strong spam filters and authentication. Scan incoming and outgoing e-mails to detect threats and filter executable files. Consider a cloud-based e-mail analytics solution and revisit how you configure your e-mail.
Insulate your infrastructure: Stay one step ahead of smart attackers by removing or limiting local workstation admin rights or seeking out the right configuration combinations (virus scanners, firewalls and so on). Also, regular patching of operating systems and applications can close known vulnerabilities. Microsoft patches related to the WannaCry threat are among the measures that should be included as part of a normal patching cycle.
Plan for continuity: Having a strong cyber resilience plan for recovery that is regularly reviewed, updated, and tested makes it easier to avoid paying any ransom. Recovery objectives must be aligned to the critical tasks within an acceptable timeframe. Workstations and file servers should not be constantly connected to backup devices, and the backup solution should store periodic snapshots rather than regular overwrites of previous backups, so that in the event of a successful attack, backups will not be encrypted.
Accenture Security is a leading provider of end-to-end cybersecurity services, including advanced cyber defense, applied cybersecurity solutions and managed security operations. We bring security innovation, coupled with global scale and a worldwide delivery capability through our network of Advanced Technology and Intelligent Operations centers. Helped by our team of highly skilled professionals, we enable clients to innovate safely, build cyber resilience and grow with confidence. Follow us @AccentureSecure on Twitter or visit us at www.accenture.com/security.
Accenture, the Accenture logo, and other trademarks, service marks, and designs are registered or unregistered trademarks of Accenture and its subsidiaries in the United States and in foreign countries. All trademarks are properties of their respective owners. All materials are intended for the original recipient only. The reproduction and distribution of this material is forbidden without express written permission from Accenture. The opinions, statements, and assessments in this report are solely those of the individual author(s) and do not constitute legal advice, nor do they necessarily reflect the views of Accenture, its subsidiaries, or affiliates. Given the inherent nature of threat intelligence, the content contained in this report is based on information gathered and understood at the time of its creation. It is subject to change. Accenture provides the information on an “as-is” basis without representation or warranty and accepts no liability for any action or failure to act taken in response to the information contained or referenced in this report.