A ransomware attack that appears to be using a strain from the Petya family surfaced in Eastern Europe and has quickly gone global. Incident detection and response professionals around the world immediately started connecting this Petya-like ransomware with the same EternalBlue exploits used by the WannaCry ransomware.
[BLOG] The attack is evolving quickly. For everything we know so far, check out our blog post, "Petya-like Ransomware Explained."
This page will be updated as we learn more about the ransomware, as well as what Rapid7 customers can do to prevent, detect, and respond to it. In the meantime, organizations are strongly advised to take the following actions:
For those already hit by this ransomware, our best guidance right now is to work with law enforcement and incident response experts. Our own incident responders are available 24/7 on the hotline: +1-844-RAPID-IR.
[BLOG] Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010
Follow these steps to create a targeted scan, dynamic asset group, and remediation project for identifying and fixing MS17-010 vulnerabilities.
Preventing and Detecting Ransomware Attacks
Ransomware is malicious software that covertly encrypts your files, preventing you from accessing them, and then demands payment for their safe recovery. As with most tactics employed in cyberattacks, a ransomware infection can begin when a user clicks a phishing link or visits a compromised website.
Whiteboard Wednesday: Server Ransomware
Watch this week’s Whiteboard Wednesday to learn more about how attackers are using open MongoDB, CouchDB, and Elasticsearch servers, and then check out Bob’s blog post for more on “The Ransomware Chronicles: A DevOps Survival Guide.”