The long and the short of it- PATCH YOUR COMPUTERS! Hopefully most of you did this after reading about the WannaCry virus and that it penetrated the network through unpatched computers. But if not, please do so immediately! This virus- NotPetya- is also scanning for unpatched computers.
“It only takes one unpatched computer to get inside the network, and the malware can get administrator rights and spread to other computers.” –Robert Lipovsky, ESET Researcher.
As you've likely heard, the next big malware is out and spreading. It seems that the malware is a version of Petya, although it also appears to have some significant differences or advancements... so much so that it looks like an almost entirely new form of ransomware. For that reason, this new malware is being referenced as “NotPetya.” The last big ransomware hit the world saw was with WannaCry, which exploited a leacked NSA hack called Eternal Blue and infected hundreds of thousands of computers and networks. NotPetya works in a similar way although it only scans computers on local networks rather than the entire Internet.
Not Petya has some features that make it even more dangerous than WannaCry. It has the ability to detect passwords on the infected computer and can move to other systems by pulling passwords from memory or the local filesystem. The virus then spreads the infection by “executing malicious code on other computers on the network.” For example, if the infected computer has admin access, every other computer on the network will become infected.
Because the virus is so new, there is still a lot of investigation being done. However, a Microsoft spokesperson has already said that initial investigations found that this ransomware uses multiple techniques to spread including one addressed by a previous security patch provided for all platforms from Windows XP to Windows 10. It can also spread by email so everyone should be careful when opening unfamiliar files.
Give us a call if you'd like to discuss how to make your network more secure!