An MSP’s Guide to the Petya Ransomware Outbreak

The headline-grabbing nature of WannaCry put just about every IT and security team in reaction mode. Just one month after the WannaCry outbreak, we find ourselves reverting to reaction mode as the next batch of ransomware spreads across the globe—this time a variant from the Petya family.

In a matter of hours, the new Petya ransomware spread across 65 countries. While WannaCry and Petya aren’t the first versions of ransomware, they are a new breed, one that uses powerful exploits to propagate rapidly within an organization and on to new ones. As a managed services provider (MSP), it’s imperative that you understand this ransomware outbreak and how it can affect your business or your clients’ businesses. Don’t know what Petya is or how you can stay protected? Here is your guide.

What is Petya?

Petya ransomware is part of a new wave of ransomware attacks that has hit computer servers all across Europe, particularly in Ukraine and Russia. It hijacks computer data, infecting systems, encrypting all of the user’s files and displaying messages demanding a Bitcoin ransom worth $300. With most ransomware strains, victims who do not have recent backups of their files are faced with a decision to either pay the ransom or kiss their files goodbye.

This new strain has worked its way around the world at alarming speed. The ransomware spread using a vulnerability in Microsoft Windows that the software giant patched in March 2017—the same bug that was exploited by WannaCry. Microsoft released a patch for the EternalBlue exploit, but many businesses put off installing the fix. Many of those that procrastinated were hit with the WannaCry ransomware attacks in May, and may still be vulnerable. The first hit were government and financial institutions in Ukraine; from there the outbreak metastasized to about 2,000 computer systems around the world.

How to Protect Against Petya

Luckily, there are various safeguards you can take to protect yourself and your clients from Petya.

Patch, Patch, Patch

I feel like a broken record on this because people have been saying it for years, but the best way to protect against these attacks is to stay as up to date as possible with patches and educate your users. Petya, like WannaCry and so many other attacks, relies on systems with missing patches to infect them and propagate into new systems. However, Petya went one step further by having the ability to propagate to fully patched systems once it got into your environment. This means that a single, low-value system missing a patch can serve as an entry point and allow the ransomware to infect fully patched, higher-value systems. In the end, patching is only as good as your weakest link—meaning companies need to be more vigilant than ever when patching their systems.

Realize the Difference Between Owning Security Tools and Using Them

The reality of both Petya and WannaCry is that even if you weren’t patching, basic security tools that most organizations own—such as antivirus and other endpoint protection tools—would prevent any damage from these attacks. So how did so many organizations get impacted? The answer is simple: they lacked adequate management of their security tools.

Investing in security tools is a great step towards securing yourself, but realize that installing these tools without any ongoing management is like owning a car you never fill up with gas. It might look good in your driveway but it isn’t able to do what it was designed to do.

Understand the Limitations of Basic Protection Tools

These attacks are a scary reminder of the changing threat landscape—one that is especially impacting small- and medium-sized businesses (SMBs). SMBs used to be able to safely assume that the advanced attacks would be focused on large corporations and governments because there wasn’t enough to gain using these mechanisms against them. However, with these recent attacks they need to realize how that reality has shifted.

These attacks follow a volume-based mentality: getting small amounts from lots of people, versus large amounts from a single company. They use very powerful exploits, created by government intelligence agencies, to mount broad-based, unfocused attacks that are just as likely to cripple a Mom and Pop Shop as a multinational bank.

Your SMB clients need to realize that while antivirus and firewalls are incredibly effective in reducing risk, they need to begin to think about increasing the security solutions they have in place. Given this new landscape, SMBs can turn to you to put technologies in place to detect and respond to threats and breaches when they do penetrate their defenses but before they have a chance to do harm. Additionally, you must implement a proper, reliable backup and disaster recovery (BDR) solution with online and offline backup solutions as the ultimate failsafe against successful attacks.

Bottom Line

This Petya ransomware outbreak is yet another reminder that the threat landscape is ever evolving and growing more sophisticated. While there are many unknowns, there are some basic steps you can take to reduce the risk of cyber attacks and provide your clients with secure IT services.

Here at Continuum, we continue to work with our partners and the overall industry to protect our own environment as well as the environments you manage. We’re happy to say that our tools and processes ensure that none of our systems or partners’ systems were impacted by WannaCry or Petya. Moreover, we will continue to be vigilant in our efforts to keep our partners and their end-users protected against the next possible threat.
