Once we get beyond the immediate patchwork of solutions and accept that these attacks will continue, we need to think about how to best bolster response. Security orchestration allows for automation and improved capabilities to navigate the full scope of security operations and incident response activities from the initial alert through to remediation. Simply put, context, automation and analyst enablement ensure that the disease is cured, not just the symptoms. Visit - https://siemplify.co

1. Petya Ransomware
How To Best Approach This Global Threat

2. Introduction
The recent cyber-attack caused disruption around the globe
and has infected companies in an estimated 64 countries,
including major banks, oil and gas organizations, law firms and
advertising agencies. According to anti-virus vendor ESET,
80% of all infections were in Ukraine, with Germany second
hardest hit with about 9%.

3. What Is Petya
Petya is a type of ransomware that was
first discovered in 2016. Petya mainly
targets Microsoft Windows-based
systems, infecting the master boot
record to execute a payload that encrypts
a hard drive's file system table and
prevents Windows from booting. It
subsequently demands that the user
make a payment in Bitcoin in order to
regain access to the system.

4. EternalBlue Hack & SMB
Generally, ransomware similar to the previous Wannacry attack
spread via “worms”. The worms multiply exponentially until they
discover a particularly vulnerable exploit within an organization.
One of these is via the so-called EternalBlue hack – thought to
have been developed by US NSA developers, which uses an
exploit in protocol to let computers and other equipment talk to
each other, known as the Server Message Block (SMB).

5. Never Ending Arms Race
With the Ransomware spreading like wildfire across the globe,
thousands of companies have been scrambling to safeguard their
data. Microsoft Security Bulletin is recommending various
security patches that were previously released to make sure that
Petya Ransomware and its variants cannot progress. Additionally,
Microsoft has provided a guide to help secure windows systems
against the EternalBlue exploit opening up this particular brand
of attack.

6. How To Face Petya
For those that are already facing Petya, there doesn’t appear to be a way
to restore corrupted file systems, and no option to pay the ransom,
because the Posteo webmail address given to pay the $300 ransom has
been shut down.
What security leaders should be considering is how dangerous it has
become to have disconnected systems spitting out reports and failing to
garner actionable intelligence. The ability to correlate these alerts in real
time, manage cases efficiently and respond effectively has pushed
Security Orchestration to the top of the security food chain in recent
months.

7. Time For Security Orchestration
Once we get beyond the immediate patchwork of solutions and accept
that these attacks will continue, we need to think about how to best
bolster response. Security orchestration allows for automation and
improved capabilities to navigate the full scope of security operations and
incident response activities from the initial alert through to remediation.
Simply put, context, automation and analyst enablement ensures that the
disease is cured, not just the symptoms.

8. Conclusion
Having just passed the halfway mark for 2017,
the threat landscape has now grown to have
brought some of the largest and most critical
global organizations to their knees, creating a
ripple effect throughout world economies with
no sign of slowing. WannaCry was a small
warning in comparison to Petya, and if this trend
continues, the next massive attack could be a
tipping point.

9. References
https://www.siemplify.co/blog/how-to-best-approach-petya-
ransomware/
https://www.siemplify.co/demo-request/
https://www.wired.co.uk/article/what-is-eternal-blue-exploit-
vulnerability-patch
https://msrc-blog.microsoft.com/2017/05/12/customer-guidance-for-
wannacrypt-attacks/
https://en.wikipedia.org/wiki/Petya_(malware)