Petya Ransomware Malicious Host Detection
Info Nessus Network Monitor Plugin ID 700152
SynopsisOne or more requests to potential Petya ransomware related malware hosts have been detected.
DescriptionOne or more requests to potential Petya ransomware related malware hosts have been detected. Petya differs from typical ransomware as it does not just encrypt files, it also overwrites and encrypts the master boot record (MBR), demanding payment via cryptocurrency. Petya propagates itself similar to "WannaCry" by exploiting the MS17-010 vulnerability, also known as EternalBlue which was part of the ShadowBrokers dump.
SolutionManually inspect the workstation to ensure that it is not running software which may impact the security of the entire network. Also, ensure that this device is in compliance with security and corporate policies and that all relevant patches have been updated.