PetrWrap, Petya.B or NotPetya

This is a new ransomware that exploits the same vulnerability as the WannaCry attack that occurred in May, and it is currently spreading all around the world. It is known under different names: PetrWrap, Petya.B or NotPetya, but they all refer to the same malware.

Why is PetrWrap so dangerous?

Unlike WannaCry, which simply encrypted the infected workstation’s data, PetrWrap completely locks your computer. To access it again, you are asked to pay a ransom. However, even if you pay this ransom, you will not be able to access your PC again. On top of that, the virus can automatically spread to the other workstations on the internal network.

PetrWrap is dangerous because, even if you do not click on the infected file, the malware will try to infect your computer by using a vulnerability (MS17-010) in Microsoft’s SMB protocol. The exploits are called EternalBlue and EternalRomance.

Attack type: Ransomware
Target: All types of organizations
Risks: Data loss

Stormshield, a fully-owned subsidiary of Airbus Defence and Space, offers innovative end-to-end security solutions to protect networks (Stormshield Network Security), computers (Stormshield Endpoint Security) and data (Stormshield Data Security).

How can Stormshield Endpoint Security help me?

Stormshield Endpoint Security (SES) is a Next-Gen endpoint protection solution that, instead of checking for the presence of viruses as traditional antivirus products do, checks for the presence of vulnerabilities that malware uses in order to spread. In this way, it acts as a kind of virtual patch.
SES is not signature-based and can therefore detect malware even as it evolves.

When you are connected to the Internet through a Stormshield firewall (Network Security), you are protected by the Stormshield IPS. This system analyzes all of your traffic and makes sure that no exploit is hidden in it.

Thanks to Stormshield and common best practices, you are protected

Do not forget:

  • Always keep your system updated
  • Use an updated endpoint protection system
  • Never ignore the alerts issued by your firewall and your endpoint protection solution
  • Back up your workstations and files on a regular basis

And most important: DO NOT OPEN AN ATTACHMENT IF YOU ARE NOT 100% SURE OF THE TRUSTWORTHINESS OF THE SENDER.