How do we protect our customers against Petya?
F-Secure endpoint products offer protection against the Petya ransomware on several layers to ensure that attacks can be stopped at multiple places along the attack chain.
F-Secure's vulnerability management product flags known vulnerabilities within the system for remediation, and our managed incident response service, F-Secure Rapid Detection Service, detects a large number of the TTP techniques used by Petya, allowing our customers to take immediate remediative actions in the case an infection is detected.
MULTIPLE LAYERS OF PROTECTION
WHAT SHOULD YOU DO TO PROTECT YOURSELF
F-Secure endpoint solutions block the Petya attacks with their default settings. However, it is always a good idea to check that all security functions are enabled. You should also take steps to mitigate the exploited vulnerability and prevent the attack from spreading in your environment.
- Ensure DeepGuard and real-time protection is turned on in all your corporate endpoints.
- Ensure that F-Secure Real-time Protection Network is turned on.
- Ensure that F-Secure security program is using the latest database update available.
- Identify endpoints without the Microsoft issued patches (4013389) with Software Updater or another patch management tool, and patch them immediately.
- Apply MS17010 to Windows Vista and later (Windows Server 2008 and later)
- Apply Microsoft's patch to Windows XP or Window Server 2003
- In case you are unable to apply the patch immediately, we recommend you disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 in order to reduce your attack surface
- Ensure that F-Secure Firewall is turned on with its default settings. Alternatively, configure your firewall to properly block 445 in- and outbound traffic within your organization to prevent Petya from spreading within your environment.
