How do we protect our customers against Petya?
F-Secure endpoint products offer protection against the Petya ransomware on several layers to ensure that attacks can be stopped at multiple places along the attack chain.
F-Secure's vulnerability management product flags known vulnerabilities within the system for remediation, and our managed incident response service, F-Secure Rapid Detection Service, detects a large number of the TTPs (tactics, techniques and procedures) used by Petya, allowing our customers to take immediate remedial action if an infection is detected.
Multiple layers of protection
F-Secure's integrated patch management feature prevents the new Petya ransomware variant from exploiting the EternalBlue vulnerability by automatically deploying the related security patches.
F-Secure's Security Cloud functionality detects and blocks the DLL file used by the ransomware.
F-Secure's Anti-Malware engine detects and blocks the threat via multiple complementary signature detections.
F-Secure's default firewall settings prevent the Petya attack from spreading laterally in the environment and encrypting files.
What should you do to protect yourself
F-Secure endpoint solutions block the Petya attacks with their default settings. However, it is always a good idea to check that all security functions are enabled. You should also take steps to mitigate the exploited vulnerability and prevent the attack from spreading in your environment.
- Ensure DeepGuard and real-time protection are turned on on all your corporate endpoints.
- Ensure that F-Secure Real-time Protection Network is turned on.
- Ensure that your F-Secure security program is using the latest database update available.
- Identify endpoints without the Microsoft-issued patches (4013389) with Software Updater or another patch management tool, and patch them immediately.
- Apply MS17-010 to Windows Vista and later (Windows Server 2008 and later).
- Apply Microsoft's patch to Windows XP or Windows Server 2003.
- If you are unable to apply the patch immediately, we recommend that you disable SMBv1 with the steps documented in Microsoft Knowledge Base Article 2696547 in order to reduce your attack surface.
- Ensure that F-Secure Firewall is turned on with its default settings. Alternatively, configure your firewall to block inbound and outbound traffic on port 445 within your organization to prevent Petya from spreading within your environment.
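The SMBv1 and port 445 items in the checklist above can be verified per endpoint with a read-only audit such as the following. This is an added example, not F-Secure's or Microsoft's own tooling; the function names are hypothetical, and the firewall check assumes Windows Defender Firewall is the host firewall rather than F-Secure Firewall.

```powershell
# Added example: read-only audit of the SMBv1 and port 445 mitigations.
# Run in an elevated PowerShell session on the endpoint being checked.
# Function names are hypothetical; nothing here changes system state.

function Get-Smb1ServerState {
    # Windows 8 / Server 2012 and later expose the setting through a cmdlet.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        if ((Get-SmbServerConfiguration).EnableSMB1Protocol) { return 'Enabled' }
        return 'Disabled'
    }
    # Older systems: KB 2696547 uses the SMB1 registry value instead.
    # A missing value means the default, which is enabled.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
    if ($null -ne $val -and $val -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Get-Inbound445AllowRule {
    # Assumption: Windows Defender Firewall is the host firewall in use.
    # Returns nothing where the NetSecurity cmdlets are unavailable.
    if (-not (Get-Command Get-NetFirewallRule -ErrorAction SilentlyContinue)) { return }
    # Enabled inbound Allow rules are what expose SMB to other hosts.
    # Rules that cover 445 through a port range are not matched here.
    Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow |
        Where-Object {
            $f = $_ | Get-NetFirewallPortFilter
            $f.Protocol -eq 'TCP' -and $f.LocalPort -contains '445'
        } |
        Select-Object DisplayName, Profile
}

# One summary object per endpoint, suitable for export to CSV.
$rules = @(Get-Inbound445AllowRule)
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    Smb1Server      = Get-Smb1ServerState
    Allow445Inbound = $rules.Count
    Allow445Rules   = ($rules | ForEach-Object { $_.DisplayName }) -join '; '
}
```

An endpoint that reports `Smb1Server = Enabled` together with a non-zero `Allow445Inbound` is the combination the checklist is meant to eliminate on machines that have not yet been patched.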
The components of a solid cyber security operation
Our enterprise-grade managed service detects, quantifies and gathers evidence regarding advanced attacks. When we detect an attack, you'll know about it in less than 30 minutes.
Our powerful, scalable vulnerability scanning and management service will help you identify and remediate known vulnerabilities in any platform or web application.
Endpoint protection is the cornerstone of cyber security. Our endpoint security products have been powered by next-generation technologies such as behavioral analysis and machine learning for a decade.
Threat Description from F-Secure Labs
Petya is ransomware that encrypts the Master Boot Record on a computer and demands payment of a ransom in order to obtain the decryption key needed to restore normal access to the affected machine.