What Should You Do if You Are Hit by the Petya Ransomware Attack?

Back to all articles

While many institutions and businesses from various industries were still reeling from the WannaCry attack that took the world by storm back in May, cyber criminals launched another crippling ransomware attack earlier this week, catching a lot of cyber security professionals across 60 countries by surprise and bringing essential business operations to a halt.This latest high-profile attack, called Petya ransomware, bears many of the hallmarks of WannaCry, in that it is a typical ransomware scheme, paralyzing computers and spreading through internal networks after infecting one machine.

Another important similarity is that just like WannaCry, Petya exploited the same Microsoft Windows vulnerability - Eternal Blue, to spread within networks. On the other hand, there is one significant difference between the two attacks - Petya, unlike WannaCry, was not aimed at extorting money, but rather incurring serious damage to computer networks, with researchers saying that Petya was just disguised as ransomware, but its main goal was to spread throughout networks as fast as possible and cause the biggest infrastructural damages possible.

Containing the Damage

Petya ransomware was primarily designed to infect computers in order to prevent organizations from continuing their day-to-day operations, rather than gaining financial benefit, and the attack did affect business operations of many companies, inflicting severe financial and reputation damage upon them. Ransomware attacks are extremely difficult to prevent, and the best thing organizations can do to avoid serious long-term consequences in case they get hit by one, is to make sure they have the tools to respond to it and contain the damage as fast as possible.

That can be best done with the help of an incident response platform with automation and orchestration capabilities. These types of platforms can help security teams reduce their reaction time when responding to an incident, which is crucial when attacks such as Petya occur. With a set of playbook actions specific to ransomware attacks, an incident response platform will allow your team to detect and analyze the attack faster, and it will suggest a specific list of actions that can help contain the damage in the most effective way possible. When it comes to ransomware attacks, recommended containment actions include isolating compromised machines, blocking communication over ports, and disconnecting shared drives, among other things.

Post-Incident Reactions

Once you have taken the suggested containment actions, the platform will help you accelerate the recovery and remediation processes, and perform the appropriate post-incident procedure. The post-incident reactions are particularly important when dealing with ransomware attacks, as they play a major role in ensuring compliance with breach notification rules covering these types of cybersecurity incidents, such as the HIPAA Breach Notification Rule in the US.

To conclude, even though preventing ransomware attacks is a major challenge and there is not much that organizations can do in that regard, there are a lot of things they can do to reduce the impact of such incidents and avoid long-lasting consequences, which are usually associated with these types of cybersecurity events.

Get Started with a One-to-One Personalized Demo

Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

See IncMan SOAR in Action.

Request Your Live IncMan SOAR Demo.

DFLabs IncMan SOAR is the pioneering Security Orchestration, Automation and Response (SOAR) platform to automate, orchestrate and measure security operations tasks.

IncMan SOAR harnesses machine learning and automation capabilities to augment human analysts to maximize the effectiveness and efficiency of security operations teams, reducing the time from breach discovery to resolution by up to 80%.

What You'll See in a Demo

See for yourself why IncMan SOAR is the preferred solution of Fortune 500, Global 2000 and MSSP clients. DFLabs IncMan SOAR at a glance:

  • Full and semi-automated Incident Response, improving response times by up to 80%
  • Covers the entire spectrum of IR and SecOps
  • Automated Responder Knowledge (ARK) generated by machine learning
  • Highly flexible and customizable, with over 100 templates and automation actions out of the box
  • Correlation engine correlates all relevant IOCs and artefacts between incidents
  • Multi-tenancy and granular role-based access
  • Dual mode playbooks and intelligence sharing
  • Powerful case management with integrated forensics capabilities.

Yes, I want a demo

DFLabs would like to stay in touch to provide you with marketing related content. By ticking the box you consent to receive educational, company and promotional information from DFLabs and accept DFLabs' Privacy Policy.

* Required fields