Petya Ransomware Outbreak InformationThe new ransomware variant known as Petya has swept across the globe impacting numerous industries and organizations, including critical infrastructure such as energy, banking, and transportation systems.
This variant is part of a new wave of multi-vector ransomware attacks that Fortinet is calling “ransomworm”, which takes advantage of timely exploits. The ransomworm is designed to move across multiple systems automatically, rather than stay in one place. It appears that the Petya ransomworm is using similar vulnerabilities that were exploited during the recent Wannacry attack.
Rather than focusing on a single organization it uses a broad-brush approach that targets any device it can find that its attached worm is able to exploit. It appears that this attack started with the distribution of an Excel document that exploits a known Microsoft Office exploit.
Due to additional attack vectors being used in this exploit, patching alone would have been inadequate to completely stop it from happening, which means that patching needs to be combined with good security tools and practices.
Fortinet business customers were protected from all attack vectors, as they were detected and blocked by their ATP, IPS, and NGFW solutions.In addition, Fortinet's AV team issued a new antivirus signature within a few hours of the discovery to enhance the first line of defense.
To answer any questions you may have, and for more information on this latest threat, the following resources are available:
• Read Fortinet's blog for the latest Fortinet commentary.
• Visit the Petya Central Content Hub for ongoing industry news and updates.
• See Fortinet's Security Recommendations to best protect your organization.