Emerging Threats

What you need to know about the Petya ransomware outbreak


Authored by a Symantec employee

 

UPDATE Since this situation is ongoing, Symantec researchers are still investigating this event and are updating their blog on Medium.com You can click here to keep up with the latest updates on this ransomware.

A new strain of ransomware has appeared in multiple countries. On June 27, 2017, Petya ransomware emerged and began spreading itself to large organizations across Europe. This ransomware uses what is called the Eternal Blue exploit in Windows computers. It is not impacting individual users at the time of this writing.

Norton customers are already being protected against the Petya attacks that use the Eternal Blue exploit.

What is Ransomware?

Ransomware generally presents users with an ultimatum: pay a fee to unlock and reclaim personal data, or don’t pay the fee and lose the data indefinitely. Ransomware is able to automatically corrupt and delete files in the event that monetary compensation is not received, leaving most users with little time to resolve the problem through alternate means.

How to deal with Ransomware:

  1. Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
  2. Be sure you are backing up your data on a regular basis. If you do become a victim of a ransomware attack, you will be able to restore any impacted files from a known good backup. Restoration of your files from a backup is the fastest way to regain access to your data.
  3. Do not provide personal information when answering an email, unsolicited phone call, text message or instant message. Phishers will try to trick employees into installing malware, or gain intelligence for attacks by claiming to be from IT. Be sure to contact your IT department if you or your coworkers receive suspicious calls.
  4. Use reputable internet security software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of fake software out there.
  5. Employ content scanning and filtering on your mail servers. Inbound e-mails should be scanned for known threats and should block any attachment types that could pose a threat.
  6. Make sure that all systems and software are up-to-date with relevant patches. Exploit kits hosted on compromised websites are commonly used to spread malware. Regular patching of vulnerable software is necessary to help prevent infection.
  7. If traveling, alert your IT department beforehand, especially if you’re going to be using public wireless Internet. Make sure you use a trustworthy Virtual Private Network (VPN) when accessing public Wi-Fi like Norton Secure VPN.

Symantec is continuing to analyze this threat and will post further information as soon as it becomes available.

Get NEW Norton 360 with LifeLock for up to 40% off*

NEW Norton 360 with LifeLock. An all-in-one membership for your Cyber Safety.


Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2019 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. and other countries. App Store is a service mark of Apple Inc. Alexa and all related logos are trademarks of Amazon.com, Inc. or its affiliates. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. and other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.

No one can prevent all identity theft or cybercrime.  Not all products, services and features are available on all devices or operating systems. System requirement information on norton.com.

*Important Subscription, Pricing and Offer Details:

  • The price quoted today may include an introductory offer. After that, your membership will automatically renew and be billed at the applicable monthly or annual renewal price found here.
  • You can cancel your subscription at my.norton.com or by contacting Member Services & Support. For more details, please visit the Refund Policy.
  • Your subscription may include product, service and /or protection updates and features may be added, modified or removed subject to the acceptance of the Customer Agreement.

The number of supported devices allowed under your plan are primarily for personal or household use only. Not for commercial use. If you have issues adding a device, please contact Member Services & Support.

§ Dark Web Monitoring in Norton 360 plans defaults to monitor your email address only. Please login to the portal to review if you can add additional information for monitoring purposes.