New Petyawrap Ransomware Attack Again Highlights Critical Need For Security Processes Thumbnail
Improving Technical Security 28 June 2017

New Petyawrap Ransomware Attack Again Highlights Critical Need For Security Processes

By Dan YorkSenior Advisor

Whenever there’s a new attack on a global scale, the world trusts the Internet a little less. Today we are concerned with the many reports about this new ransomware attack called “Petyawrap”, “Petrwrap” or an older name of “Petya.”

The sad fact is: this new attack exploits the same vulnerabilities in Windows systems as last month’s WannaCry attack.

Fixes have been available for most Windows systems since March 2017!

The same tips Niel Harper provided last month to protect against ransomware also apply here.

Why haven’t the updates been applied? Often, smaller organizations may not have the needed IT staff. Enterprises may not fully embrace the level of business continuity planning they need. Companies may have legacy systems that are hard to patch.

Many organizations may have thought they were “safe” when they weren’t hit by WannaCry. They may have breathed a sigh of relief – and moved on to other critical needs.

The bad news is that this new attack gets nastier after the initial penetration of a network. Dan Goodin at ArsTechnia relays that the attack payload includes tools to extract user passwords. It can then infect other systems on your network using those credentials. Microsoft has more technical details. Unlike WannaCry, there seems to be no “kill switch” to stop the infections. (See update below.)

As Olaf Kolkman wrote last month in response to the WannaCry ransomware:

“When you are connected to the Internet, you are part of the Internet, and you have a responsibility to do your part.”

But yet as Brian Krebs reports at the end of his excellent piece, a recent ISACA survey found that:

  • 62 percent of organizations surveyed recently reported experiencing ransomware in 2016
  • only 53 percent said they had a formal process in place to address it

These attacks cause significant economic losses. They erode trust in the Internet. They limit the opportunities we all have online.

Collaborative security is a shared responsibility. We all have a part to play. We need to put the security processes in place to reduce these threats. In our companies and organizations. In nonprofits, schools, and community groups. In our homes. In our own actions.

We have the opportunity to shape tomorrow and build a stronger, more trusted Internet. One where ransomware no longer hits on a global scale.

Read Niel’s 6 tips. Promote the approach of “Collaborative Security“. Develop and implement security management strategies. Ask strong questions inside your organization.

Take action.

The time is now.

——

UPDATE #1 – There are now reports of a “vaccine” in the form of a file you can create on a Windows system to prevent the ransomware from running. This is not a “kill switch” that can apply globally, but it is something that can be done on individual PCs. If the ransomware finds that this read-only file exists, it will not perform its attack on that machine.

——

See also our past articles about the WannaCry attacks:

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Improving Technical Security 23 October 2019

Securing the Internet: Introducing Oracle Internet Intelligence IXP Filter Check

Oracle is an Organization Member of the Internet Society. We welcome this guest post announcing a new tool that...

Improving Technical Security 4 October 2019

Network Operators in Latin America and the Caribbean Take Steps to Strengthen Routing Security

2019 has been a very good year for the Internet in Latin America and the Caribbean. In May, during...