Threat Alert: Petya/Goldeneye Ransomware Attack

Threat Alert: Petya/Goldeneye Ransomware Attack

Over the past 24-48 hours there have been multiple reports of a new ransomware outbreak that initiated in Europe and has spread to the United States. It has been identified as an updated strain of the Petya ransomware and has been called many different names including Petya, NotPetya and Goldeneye.

As of right now the outbreak is smaller than WannaCry but the ransomware is more advanced and has even taken down large banks, airports and energy companies. This malware can arrive through a Microsoft Word document (among other methods) within an email and then spread via the local network (LAN) using the "EternalBlue" exploit along with another NSA exploit called ETERNALROMANCE. Both exploits have been patched by Microsoft. Wanna Cry also used the "EternalBlue" exploit but it reached further since it spread via the Internet rather than via the LAN.

What Can You Do?

  1. Do not open Microsoft Word documents sent in an email from unknown individuals or from sources that seems suspicious.
  2. Update your Windows Operating System immediately if you have not done so. You can also go to Microsoft's support site where you can set up automatic Windows Updates.
  3. Have an advanced anti-malware/anti-ransomware solution in place that can prevent the execution of ransomware. SecureIT Plus, (included in all Tech Home packages), maximizes protection for consumers, while SecureIT Pro, (included in Tech Office) helps keep businesses safe from these type of threats.
  4. For advanced users of Windows, you can create your own "vaccine" for this specific ransomware.
    Important Note: This may only work for some strains. It is not a solution for all. It is still recommended that you update Windows and get a behavior based anti-virus solution in place first.

There is no known kill-switch for this ransomware at this time so it is very important to be vigilant. Backup files, update operating systems and make sure anti-virus/anti-ransomware is in place.

Contact CC Communications for details on our Online Security Services to help protect you and everyone in your network.