Petya Ransomware Malicious Host Detection

Nessus Network Monitor Plugin ID 700152

Synopsis

One or more requests to potential Petya ransomware-related malware hosts have been detected.

Description

One or more requests to potential Petya ransomware-related malware hosts have been detected. Petya differs from typical ransomware in that it does not just encrypt files; it also overwrites and encrypts the master boot record (MBR), demanding payment via cryptocurrency. Petya propagates in a similar way to "WannaCry", by exploiting the MS17-010 vulnerability, also known as EternalBlue, which was part of the ShadowBrokers dump.

Solution

Manually inspect the workstation to ensure that it is not running software that may impact the security of the entire network. Also ensure that this device complies with security and corporate policies and that all relevant patches have been applied.

See Also

http://www.telegraph.co.uk/news/2017/06/27/ukraine-hit-massive-cyber-attack1

https://www.theguardian.com/world/2017/jun/27/petya-ransomware-attack-strikes-companies-across-europe

Plugin Details

Severity: Info

ID: 700152

Family: Generic

Published: 6/27/2017

Updated: 10/2/2017