Defence against the wrath of Ransomware

The recent attack by Petya ransomware is another warning to organizations about the possible catastrophe of vulnerabilities in their networks or IT infrastructure.
By: Microworld Technologies Inc
 
NOVI, Mich. - June 28, 2017 - PRLog -- The recent attack by Petya ransomware is another warning to organizations about the possible catastrophe of vulnerabilities in their networks or IT infrastructure. Petya ransomware is spreading fast, with Ukraine being the worst-hit country in the last 24 hours. It uses the same exploit that WannaCry used to propagate itself, which created havoc in the recent past. Microsoft released a patch for the exploited vulnerability back in March 2017, but many organizations missed updating their OS and network.

EternalBlue was the exploit used by WannaCry; it uses an SMB protocol vulnerability to propagate throughout the network. Petya ransomware, however, does not just encrypt files: after encrypting them, it tries to encrypt the MBR too, effectively rendering the infected systems unbootable.

According to our findings, Petya was pushed through an update for MeDoc financial software, used mostly by organizations in Ukraine, and phishing emails were the major initial source of infection.

In India, "The (shipping) ministry has confirmed that one terminal at JNPT has been affected due to the attack at Maersk's Hague office," an official said, adding that the government will share a report / statement shortly.

Due to this attack, the operations at JNPT's GTI (Gateway Terminals India) have come to a standstill. However, this seems to be an isolated incident within India, and the impact of Petya ransomware on India seems to be very limited. Last month's WannaCry attack forced numerous organizations to implement the patches released by Microsoft to update their OS. However, some organizations may still be lagging behind.

Until now, the Bitcoin address used by Petya ransomware has received 42 transactions worth 3.75228155 BTC, equivalent to 9490.80 USD, in less than 24 hours. However, the email ID used to communicate with the criminals has been suspended by the service provider, rendering all efforts to obtain the decryption key futile. Because of this, victims should desist from making any payments to the criminals.

To stay safe from such attacks, all organizations and users need to ensure that the patches released by Microsoft, such as those listed below, have been applied:

1. NSA Hacking Tool - "EnglishmansDentist"
Exploit CVE - CVE-2017-8487
Patch Download Link - https://support.microsoft.com/en-us/help/4025218/security...

2. NSA Hacking Tool - "EsteemAudit"
Exploit CVE - CVE-2017-0176
Patch Download Link - https://support.microsoft.com/en-us/help/4022747/security...

3. NSA Hacking Tool - "ExplodingCan"
Exploit CVE - CVE-2017-7269
Patch Download Link - https://support.microsoft.com/en-us/help/3197835/description-of-the-security-update-for-windows-xp-and-windows-server

4. NSA Hacking Tool - "ErraticGopher"
Exploit CVE - CVE-2017-8461
Patch Download Link - https://support.microsoft.com/en-us/help/4024323/security-update-of-windows-xp-and-windows-server-2003

5. NSA Hacking Tool - "EternalBlue"
Exploit CVE - MS17-010
Patch Download Link - https://technet.microsoft.com/library/security/ms17-010.aspx

6. NSA Hacking Tool - "EmeraldThread"
Exploit CVE - MS10-061
Patch Download Link - https://technet.microsoft.com/library/security/ms10-061

7. NSA Hacking Tool - "EternalChampion"
Exploit CVE - CVE-2017-0146 & CVE-2017-0147
Patch Download Link - A: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0146
         B: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0147

8. NSA Hacking Tool - "EskimoRoll"
Exploit CVE - MS14-068
Patch Download Link - https://technet.microsoft.com/library/security/ms14-068.aspx

9. NSA Hacking Tool - "EternalRomance"
Exploit CVE - MS17-010
Patch Download Link - https://technet.microsoft.com/library/security/ms17-010.aspx

10. NSA Hacking Tool - "EducatedScholar"
Exploit CVE - MS09-050
Patch Download Link - https://technet.microsoft.com/library/security/ms09-050

11. NSA Hacking Tool - "EternalSynergy"
Exploit CVE - MS17-010
Patch Download Link - https://technet.microsoft.com/library/security/ms17-010.aspx

12. NSA Hacking Tool - "EclipsedWing"
Exploit CVE - MS08-067
Patch Download Link - https://technet.microsoft.com/en-us/library/security/ms08-067.aspx

About eScan:

eScan is an ISO (27001) certified pure-play enterprise security solution company with over 2 decades of expertise in developing IT security solutions. eScan today has a presence in 12 countries through its offices and subsidiaries. It also boasts of a robust channel partner network of more than 50,000 partners spread across 190 countries worldwide. It is trusted by more than 6,500 enterprise and corporate users spread across various industry segments such as Government, BFSI, Education, Defense, Telecom, IT & ITeS, Infrastructure, Hospitality, and Healthcare worldwide.

It is powered by some of the latest and innovative technologies, such as Proactive Behavioral Analysis Engine (PBAE) Technology, MicroWorld Winsock Layer (MWL) Technology, Domain & IP Reputation Check (DIRC) Technology, Non-Intrusive Learning Pattern (NILP) Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provide protection from current threats, but also provide proactive protection against ever-evolving cyber threats. eScan provides a 24x7 free remote support facility to give its esteemed users real-time solutions for security-related issues.

For more information, visit - https://escanav.com/en/about-us/PBAE-technology.asp

Media Contact
39555 Orchard Hill Place, Suite 600
Novi, MI 48375
***@escanav.com
12483745020
End
Source:Microworld Technologies Inc