PETYA and NotPetya Ransomware

Six weeks after the WannaCry ransomware, the Petya variant hit parts of the USA and Europe. Although Petya is well-known, a new variant is now out in the wild.

How this ransomware works:
  • Abuses the Microsoft Windows SMB service by way of the ETERNALBLUE exploit tool.
  • This is the same exploit tool that was used for the WannaCry ransomware.
  • Once a system is infected, the MBR prevents Windows from loading and a ransom note is then presented to the end user.

How to protect your systems:
  • Windows systems should be patched with the March 2017 and April 2017 bulletins – specifically Microsoft Security Bulletin MS17-010
  • Ensure all Anti-Virus signatures are up-to-date.
  • If you have Advanced Malware Protection, you may already be covered.
  • Some AV vendors may have a specific zero-day Petya update, which should be distributed to all systems.
  • If possible, block TCP 445 inbound.
  • Create backups – in case of infection you can quickly restore data.
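
One way to confirm that the "block TCP 445 inbound" step is actually in effect, as an added example that is not part of the original advisory: the Python below reads a Windows Firewall log in the pfirewall.log layout and reports which sources were still allowed to reach TCP 445. The log lines are constructed sample data, the function name `audit_inbound_445` is an assumption of this example, and it assumes firewall logging of both dropped and allowed connections is enabled.

```python
from collections import Counter

# Constructed sample in the Windows Firewall pfirewall.log layout (not real traffic).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2017-06-27 12:30:01 DROP TCP 203.0.113.7 192.0.2.10 51512 445 52 S 1234 0 8192 - - - RECEIVE
2017-06-27 12:30:04 ALLOW TCP 198.51.100.23 192.0.2.10 49733 445 0 - 0 0 0 - - - RECEIVE
2017-06-27 12:30:05 ALLOW TCP 192.0.2.10 198.51.100.40 49801 445 0 - 0 0 0 - - - SEND
2017-06-27 12:30:09 ALLOW UDP 198.51.100.23 192.0.2.10 137 137 0 - - - - - - - RECEIVE
2017-06-27 12:30:11 ALLOW TCP 198.51.100.23 192.0.2.10 49740 445 0 - 0 0 0 - - - RECEIVE
truncated line
"""

def audit_inbound_445(log_text, port="445"):
    """Count inbound TCP connections to `port`, split into allowed and dropped per source IP."""
    fields, allowed, dropped = [], Counter(), Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names come from the log header
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if len(values) != len(fields):     # skip truncated or malformed records
            continue
        rec = dict(zip(fields, values))
        if (rec["protocol"], rec["dst-port"], rec["path"]) != ("TCP", port, "RECEIVE"):
            continue                       # only inbound TCP to the SMB port matters here
        if rec["action"] == "ALLOW":
            allowed[rec["src-ip"]] += 1
        elif rec["action"] == "DROP":
            dropped[rec["src-ip"]] += 1
    return allowed, dropped

if __name__ == "__main__":
    allowed, dropped = audit_inbound_445(SAMPLE_LOG)
    for src, n in allowed.most_common():
        print(f"NOT BLOCKED: {src} reached TCP 445 inbound {n} time(s)")
    print(f"blocked sources: {sorted(dropped)}")
```

Any source listed as not blocked means a rule still permits inbound SMB on that host and the block should be revisited.
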

ISA’s MSP Services:
  • Notified all customers at 12:30 PM EST on June 27, 2017.
  • Assisting customers with zero-day protection.
  • Continuing to monitor customer environments.

Additional Information

For McAfee customers, please follow these links:

For Fortinet customers, please follow this link:

For Cisco customers, please follow these links:

For Palo Alto customers, please follow this link:

For additional information regarding this issue, follow this Virus Total link:


Update – June 29, 2017

ISA is following the Petya/NotPetya Ransomware attacks. Find out more information below.

ISA is available to assist in any way possible.
Contact ISA Support: 1-877-591-6711 option 1, or open a support case online.

