Forcepoint Security Labs has referred to it as a Petya outbreak, but other vendors are using alternative and additional names for it. The good news is that this sample has cleared the duck test: it encrypts files on disk without changing their extensions, and it also encrypts the Master Boot Record, whose after-effects on the affected computers can then be checked.
Paying Petya's ransom demand
Igor Gamanenko, the Customer Success Manager of Semalt, suggests that you not pay the ransom at any cost. It is better to deactivate your email ID than to pay the ransom to the attacker. Their payment mechanisms are usually fragile and non-legitimate. If you pay the ransom through a Bitcoin wallet, the attacker may steal a lot more money from your account without your knowledge.
These days, it has become very tough to recover unencrypted files, regardless of the fact that decryption tools may become available in the coming months.
Infection Vector & Protection Statement
Microsoft states that the initial infection vector involved malicious code delivered through non-legitimate software updates. In such circumstances, the software vendor may not be able to detect the problem well.
The current iteration of Petya aims to avoid the communication vectors that are covered by email security and web security gateways. Many samples have been analyzed with different credentials in search of a solution to the problem.
The combination of WMIC and PSEXEC commands is far better than the SMBv1 exploit. As of now, it is unclear whether an organization that trusts third-party networks will understand the rules and regulations of other organizations.
Thus, we can say that Petya brings no surprises for the Forcepoint Security Labs researchers. As of June 2017, Forcepoint NGFW can detect and block the SMB exploits leveraged by the attackers.
Deja vu: Petya Ransomware and SMB propagation abilities
The Petya outbreak was recorded in the fourth week of June 2017. It has had a great impact on various international firms, with news websites claiming that the effects are long-lasting. Forcepoint Security Labs has analyzed and reviewed different samples associated with the outbreaks. It looks like the reports of Forcepoint Security Labs are not entirely prepared, and the company requires additional time before it can come to conclusions. Thus, there will be a significant delay between the encryption procedure and the running of the malware.
Given that the malware reboots infected machines, it may take several days before the final results are revealed.
Conclusion and recommendations
Conclusions about the far-reaching implications of the outbreaks are tough to draw at this stage. However, it looks like it is the final attempt to deploy self-propagating ransomware. As of now, Forcepoint Security Labs aims to continue its research on the possible threats. The company may soon publish its final results, but this requires a significant amount of time. The use of SMBv1 exploits will be detailed once Forcepoint Security Labs presents its results. You should make sure that security updates are installed on your computer systems. In line with Microsoft's guidance, clients should disable SMBv1 on every Windows system where it is negatively affecting the function and performance of the system.
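The recommendation above (disable SMBv1 on every Windows system that does not need it) can be audited and applied from an elevated PowerShell session. The script below is an added example written for this page; it is not code from the article, from Forcepoint or from Microsoft. It relies on standard Microsoft cmdlets and on the documented LanmanServer and mrxsmb10 settings; the `-Remediate` switch is this script's own parameter, and without it the script only reports.

```powershell
# Added example (not from the original article): audit and optionally disable SMBv1.
# Run as Administrator. Without -Remediate it only reports the current state.
param(
    [switch]$Remediate   # hypothetical parameter of this script: apply the changes
)

$serverKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$clientKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\mrxsmb10'

# --- Audit -------------------------------------------------------------------

# Server side. Get-SmbServerConfiguration exists on Windows 8 / Server 2012 and later;
# on older systems fall back to the LanmanServer\Parameters\SMB1 registry value
# (absent means SMB1 is enabled by default).
$serverCfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
if ($serverCfg) {
    $serverSmb1 = $serverCfg.EnableSMB1Protocol
} else {
    $reg = Get-ItemProperty -Path $serverKey -Name SMB1 -ErrorAction SilentlyContinue
    $serverSmb1 = (-not $reg) -or ($reg.SMB1 -ne 0)
}
Write-Host ("SMB1 server protocol enabled : {0}" -f $serverSmb1)

# Optional feature state (Windows 8.1 / 10 and Server 2012 R2 and later).
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature) {
    Write-Host ("SMB1Protocol feature state   : {0}" -f $feature.State)
}

# Client side: the SMB1 client driver (mrxsmb10). Start value 4 means disabled.
# Get-Service does not list kernel drivers, so read the service's registry key.
$clientReg = Get-ItemProperty -Path $clientKey -Name Start -ErrorAction SilentlyContinue
if ($clientReg) {
    $clientDisabled = ($clientReg.Start -eq 4)
    Write-Host ("SMB1 client driver disabled  : {0}" -f $clientDisabled)
}

# --- Remediate ---------------------------------------------------------------

if ($Remediate) {
    # Server: stop offering SMB1. SMB1-only clients (very old devices) lose access,
    # which is exactly what the recommendation accepts in exchange for closing the
    # SMBv1 attack surface used for propagation.
    if ($serverCfg) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    } else {
        Set-ItemProperty -Path $serverKey -Name SMB1 -Type DWord -Value 0 -Force
    }

    # Remove the optional feature where it exists; a reboot completes the removal.
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }

    # Client: disable the SMB1 driver and drop it from the workstation service's
    # dependency list so LanmanWorkstation still starts (Microsoft-documented method).
    if ($clientReg) {
        sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi | Out-Null
        sc.exe config mrxsmb10 start= disabled | Out-Null
    }

    Write-Host 'SMBv1 disabled on server and client; reboot to complete.'
}
```

Run it once without `-Remediate` on a representative host and across the fleet (for example through a remoting session) to see which systems still speak SMBv1, then apply `-Remediate` only after confirming that nothing in the environment depends on SMBv1-only devices such as old NAS units or printers. Disabling the protocol does not replace the security update for the SMB vulnerability itself; both the patch and the protocol change belong on every system.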