Cyber Security - Petya

The Latest Cyber Security Threat — Petya

Are You Protected?

Petya, a new cyber security viru is in the news. Petya comes on the heels of the WannaCry ransomware attacks in May.

 

Both viruses are very dangerous and indiscriminate to company size. Beyond big companies, your computer and your company are targets too. Both viruses lock your computers. They also encrypt your data, making data retrieval problematic or impossible.

 

Petya hit parts of Eastern Europe including US Pharmaceutical giant Merck. WannaCry, a ransomware virus infected 250,000 PC’s including numerous PCs at the NMS in the UK.

 

Are you vulnerable?

Yes, if you do not properly patch all of your systems and maintain defenses.

These viruses spread by email and an IP address scanner. If one of your employees has an unpatched system then you are at risk. If an employee clicks on an email link that contains this virus, that link can install the virus. Once this virus is installed, an internal scanner will scan the rest of your network, find all vulnerable devices, and then infect them too! In the case of WannaCry, it also scans external addresses. Which means that an infected computer on your network will be responsible for infecting other vulnerable computers on the internet

 

What can I do to protect my systems?

 

First, ensure you have patched EVERY computer. We have found that relying on an individual PC to do the updates is unreliable at best. This is because Users may delay the updates or fail to restart their PC’s when prompted. In some cases, the PC update becomes corrupted and simply does not complete the update. Moreover, the local tools do not provide any kind of reporting.

For businesses, we recommend a monthly monitoring service than manages updates and other protections.

 

Second, ensure your anti-spam email service has full virus detection turned on. The leading anti-spam email service, Proofpoint, has excellent tools to protect your network.

 

Third, do not forget the human side of intrusion prevention. Periodically, remind all employees to NEVER click on a link from someone they do not know. Consider a formal training and monitoring program for your employees. We have more information on these topics at www.mbsg.net/blog.

 

If you have a question about cyber security or you are interested in an independent cyber security assessment of your systems, contact MBSG.