Petya/NotPetya Ransomware Advisory
Just recently, a new ransomware attack, dubbed as Petya/NotPetya, has disrupted the operations of many businesses and government offices in several countries worldwide. The infected computers have been rendered inoperative by locking it down through encrypting virtually all the stored files/whole drive until ransom payment has been made.
WHAT IS PETYA/NOTPETYA RANSOMWARE?
This is a type of malicious software that spreads itself by stealing login credentials or re-using active sessions, using file-shares, and exploiting the same MS Windows vulnerabilities used in the WannaCry ransomware attack that happened last May 2017, which affected more than 200,000 computers across 150 countries.
WHO ARE VULNERABLE TO THIS RANSOMWARE?
Ransomware spares no one! In fact, some organizations impacted by this ransomware have reported that their IT systems were down across multiple sites and business units, experienced difficulties with customer service and banking operations, delayed flights, switching back to manual mode since all Windows computers had to be shut down, and forced to sending employees home since computers in the office were out of action.
HOW CAN GLOBE BUSINESS PROVIDE HELP?
We wish to assure our partners and clients that Globe Telecom is currently not affected by this cyber-attack and is closely being monitored for any cyber threats through our Advanced Security Operations Center (ASOC). Information security has never been more vital and relevant. With that in mind, Globe has invested in top-of-the-line information security solutions to protect valuable customer data and information technology systems against malware and other major types of cyber threats.
As part of our #MakeITSafePH cybersecurity campaign, we would also like to help you prevent threats from affecting your enterprise information systems. Here are some important tips which you may share with your IT teams and employees:
Apply critical security patches! Systems that are not patched are the most vulnerable to a ransomware attack. Install MS17-010 security update for Microsoft on Windows machines as soon as possible. If not, consider disabling SMBv1 and blocking port 139 & 445 traffic and disabling remote WMI and file sharing to prevent propagation as a workaround.
Be sure that you do regular backup of data important to the day-to-day operations of your business. Also, test your backup data since having a data backup that cannot be restored is futile.
Be wary of phishing attacks! Ransomware could come to you via e-mail or any form of electronic messaging.
- Do not click/open an odd, suspicious, or too good to be true e-mails, posts, texts, tweets, etc.
- Do not open any files from unknown or untrusted sources. Even if it appears coming from a trusted source but it is unusual or something unexpected, do not click on links or open attached files without being absolutely sure it is legit.
- Be wary of sudden web page redirection, which could be an attempt to bring you to a malicious site hosting the malware and drop it to your computer.
Avoid going to “untrustworthy” or “unsafe” websites that may host ransomware and infect your computing device.
Refrain from arbitrarily downloading any files or software from the internet and installing it on your computing device. Obtain only software from a trusted and authorized source such as from your company's IT department.
Install a reliable endpoint security solution on your computer and update it regularly. Make sure your Windows Firewall or other security mechanisms are turned on or enforced like restricting the use of local admin rights.
We at Globe Business would also like to know how we can further help you in securing both your email and web gateways. Contact your Globe Business Account Manager today.
USEFUL LINKS AND REFERENCES: