Petya Ransomware: Remedies and Recommendations - Comsec Sri Lanka

November 29, 2023

A new ransomware variant, identified as a version of Petya (also known as NotPetya), has recently attacked organizations worldwide. This ransomware is more aggressive than WannaCry, encrypting files and preventing systems from booting. It uses various propagation techniques, including exploiting vulnerabilities and stealing credentials, making it highly dangerous.

To protect your company:

  • Educate employees about the threat and train them to recognize suspicious emails.
  • Patch and update systems to the latest versions, including older ones like Windows XP and 2003.
  • Isolate network ports 137, 138 (UDP) and 139, 445 (TCP) to prevent infection.
  • Keep antivirus and antimalware software updated.
  • Regularly back up critical data both online and offline.
  • Consider blocking the ADMIN$ share on the network.
  • Do not pay the ransom fee if infected; it's unlikely to work.
  • If infected, shut down the infected machine immediately.
  • A "vaccine" can be applied by creating read-only files named perfc, perfc.dll, and perfc.dat in C:\Windows. A script is provided for this purpose.

Please note that cybersecurity threats are continually evolving, so it's crucial to stay vigilant and keep security measures up to date.

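The vaccine step above can be applied and verified as follows. This is an added example, not the script the advisory refers to; the function name Set-PetyaVaccine and its -Directory parameter are hypothetical. It leaves existing files untouched apart from setting the read-only attribute, and reports the state of each marker file.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotently create the read-only marker files named in the
# advisory and report the state of each. Set-PetyaVaccine is a hypothetical name.

function Set-PetyaVaccine {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Resolves to C:\Windows on a standard installation.
        [string]$Directory = $env:SystemRoot
    )

    $markerNames = 'perfc', 'perfc.dll', 'perfc.dat'

    foreach ($name in $markerNames) {
        $path = Join-Path -Path $Directory -ChildPath $name
        $action = 'Unchanged'

        if (Test-Path -LiteralPath $path -PathType Container) {
            # A directory with this name is not the marker file the advisory describes.
            Write-Warning "$path is a directory; skipping."
            continue
        }

        if (-not (Test-Path -LiteralPath $path)) {
            if ($PSCmdlet.ShouldProcess($path, 'Create empty marker file')) {
                New-Item -Path $path -ItemType File -ErrorAction Stop | Out-Null
                $action = 'Created'
            }
        }

        # Existing content is never overwritten; only the attribute is changed.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item -and -not $item.IsReadOnly) {
            if ($PSCmdlet.ShouldProcess($path, 'Set read-only attribute')) {
                $item.IsReadOnly = $true
                if ($action -eq 'Unchanged') { $action = 'MadeReadOnly' }
            }
        }

        [pscustomobject]@{
            Path     = $path
            Exists   = [bool]$item
            ReadOnly = [bool]($item -and $item.IsReadOnly)
            Action   = $action
        }
    }
}

Set-PetyaVaccine | Format-Table -AutoSize
```

Run it from an elevated PowerShell session; adding -WhatIf to the Set-PetyaVaccine call shows what would change without writing anything.
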
A Talos Consulting (PVT) LTD initiative