EDGE 2020 Goes Virtual
Sydney, Australia June 29, 2017 – Fortinet, a global leader in high-performance cyber security solutions, has advised organisations and computer users to brace and take immediate action against a new ransomware variant called Petya that is sweeping across the world. The ransomware is currently having an impact on a wide range of industries and organisations, including critical infrastructure such as energy, banking, and transportation systems.
This is part of a new wave of multi-vector ransomware attacks that we are calling “ransomworm”, which takes advantage of timely exploits. The ransomworm is designed to move across multiple systems automatically, rather than stay in one place. It appears that the Petya ransomworm is using similar current vulnerabilities that were exploited during the recent WannaCry attack.
Unlike WannaCry which encrypts a computer’s files, however, the Petya ransomware encrypts a segment of the hard drive that renders the entire computer inoperable. Older legacy systems and critical infrastructure are particularly vulnerable to this attack.
The patch for this vulnerability was issued by Microsoft earlier this year. We advise organisations to update their systems immediately.
In addition, here are a few other steps organisations and individuals should take to protect themselves:
• Back up your critical systems’ files, and keep that backup offline.
• Ensure you have a ‘gold standard’ operating system disk and configuration, to allow you to reconstruct your desktops with confidence.
• Check the currency of your patches.
• Don’t execute attachments from unknown sources.
• Push out signatures and antiviruses.
• Use sandboxing on attachments.
• Use behaviour-based detections.
• At firewalls, look for evidence of Command & Control.
• Segment, to limit the spread of the malware and backup data being encrypted.
• Ensure that Remote Desktop Protocol is turned off, and/or is properly authenticated, and otherwise limit its ability to move laterally.
• If affected, do not pay the ransom
• Share facts of infiltration with trusted organisations such as the local police, to assist with overall community efforts to diagnose, contain, and remedy the attack.
Further cautions and an analysis of the ransomware landscape can be found here: http://blog.fortinet.com/2017/06/27/new-ransomware-follows-wannacry-exploits
About Fortinet Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Fortinet empowers its customers with intelligent, seamless protection across the expanding attack surface and the power to take on ever-increasing performance requirements of the borderless network - today and into the future. Only the Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Fortinet ranks #1 in the most security appliances shipped worldwide and more than 310,000 customers trust Fortinet to protect their businesses. Learn more at http://www.fortinet.com, the Fortinet Blog, or FortiGuard Labs.
Copyright © 2017 Fortinet, Inc. All rights reserved. The symbols ® and ™ denote respectively federally registered trademarks and unregistered trademarks of Fortinet, Inc., its subsidiaries and affiliates. Fortinet's trademarks include, but are not limited to, the following: Fortinet, FortiGate, FortiGuard, FortiManager, FortiMail, FortiClient, FortiCloud, FortiCare, FortiAnalyzer, FortiReporter, FortiOS, FortiASIC, FortiWiFi, FortiSwitch, FortiVoIP, FortiBIOS, FortiLog, FortiResponse, FortiCarrier, FortiScan, FortiAP, FortiDB, FortiVoice and FortiWeb. Other trademarks belong to their respective owners. Fortinet has not independently verified statements or certifications herein attributed to third parties and Fortinet does not independently endorse such statements. Notwithstanding anything to the contrary herein, nothing herein constitutes a warranty, guarantee, binding specification or other binding commitment by Fortinet, and performance and other specification information herein may be unique to certain environments. This news release contains forward-looking statements that involve uncertainties and assumptions, such as statements regarding technology releases. Changes of circumstances, product release delays, or other risks as stated in our filings with the Securities and Exchange Commission, located at www.sec.gov, may cause results to differ materially from those expressed or implied in this press release. If the uncertainties materialize or the assumptions prove incorrect, results may differ materially from those expressed or implied by such forward-looking statements and assumptions. All statements other than statements of historical fact are statements that could be deemed forward-looking statements. Fortinet assumes no obligation to update any forward-looking statements, and expressly disclaims any obligation to update these forward-looking statements.