Petya
outbreak

Petya ransomware, also known as PetrWrap, has hit organizations all over the world. And just like WannaCry, it's completely seizing systems people rely on.

How do we protect our customers against Petya?

F-Secure endpoint products offer protection against the Petya ransomware on several layers to ensure that attacks can be stopped at multiple places along the attack chain.

F-Secure's vulnerability management product flags known vulnerabilities within the system for remediation, and our managed incident response service, F-Secure Rapid Detection Service, detects a large number of the TTP techniques used by Petya, allowing our customers to take immediate remediative actions in the case an infection is detected.

Multiple layers of protection

Software Updater

F-Secure's integrated patch management feature prevents the new Petya ransomware variant attack from exploiting the EnternalBlue vulnerability by automatically deploying the related security patches.

Learn more

Security Cloud

F-Secure's Security Cloud functionality detects and blocks the DLL file used by the ransomware.

Learn more

Anti-Malware

F-Secure's Anti-Malware engine detects and blocks the threat via multiple complementary signature detections.

F-Secure's Firewall

F-Secure's default firewall settings prevent the Petya attack from spreading laterally in the environment and encrypting files.

Want to secure your business today?

Get in touch to learn more about how F-Secure protects you.

What should you do to protect yourself

F-Secure endpoint solutions block the Petya attacks with their default settings. However, it is always a good idea to check that all security functions are enabled. You should also take steps to mitigate the exploited vulnerability and prevent the attack from spreading in your environment.

  1. Ensure DeepGuard and real-time protection is turned on in all your corporate endpoints.
  2. Ensure that F-Secure Real-time Protection Network is turned on.
  3. Ensure that F-Secure security program is using the latest database update available.
  4. Identify endpoints without the Microsoft issued patches (4013389) with Software Updater or another patch management tool, and patch them immediately.
    • Apply MS17010 to Windows Vista and later (Windows Server 2008 and later)
    • Apply Microsoft's patch to Windows XP or Window Server 2003
    • In case you are unable to apply the patch immediately, we recommend you disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547 in order to reduce your attack surface
  5. Ensure that F-Secure Firewall is turned on with its default settings. Alternatively, configure your firewall to properly block 445 in- and outbound traffic within your organization to prevent Petya from spreading within your environment.

The components of a solid cyber security operation

Managed Detection
and Response

Our enterprise-grade managed service detects, quantifies and gathers evidence regarding advanced attacks. When we detect an attack, you'll know about it in less than 30 minutes.

Learn More

Vulnerability
Management

Our powerful, scalable vulnerability scanning and management service will help you identify and remediate known vulnerabilities in any platform or web application.

Learn More

Endpoint
Protection

Endpoint protection is the cornerstone of cyber security. Our endpoint security products have been powered by next-generation technologies such as behavioral analysis and machine learning for a decade.

Learn More

Additional Resources

Business Security Insider

3 Things Companies can do to Beat Petya

The recent Petya outbreak seems similar to May's WannaCry attacks, but there are some differences companies need to know to stay protected.

Read more

Business Security Insider

Petya Ransomware Outbreak Proves WannaCry was Only the Beginning

F-Secure blocks the new ransomware that spreads like May's historic outbreak. However, this time the criminals appear to be pros.

Read more

Threat Description from F-Secure Labs

Trojan.Petya

Petya is ransomware that encrypts the Master Boot Record on a computer and demands payment of a ransom in order to obtain the decryption key needed to restore normal access to the affected machine.

Read more

Interested in securing your organization against ransomware and other vulnerabilities?

Get in touch to learn more about our offering. Protect yourself before it's too late.