As many in the IT security business are aware, Petya ransomware is leveraging the same Microsoft EternalBlue exploit that WannaCry targeted 30 days ago. However, some are suggesting that the main part of the attack is not the ransomware piece of Petya but the bundled tool LSADump, which steals credentials and passwords. While many are busy fighting off the ransomware and restoring from backup, the attackers are now able to enter the network using legitimate access. If you have limited staff, you may not even catch any signs of intrusion.
These recent events demonstrate the need for reviewing your security posture at the gateway, endpoint and end-user levels. Defeating ransomware is important, but detecting and stopping the techniques used to introduce ransomware, such as Return-Oriented Programming and fileless malware attacks, is becoming a part of the baseline. This is where second-opinion products are rapidly becoming first-opinion tools as the landscape changes. If you have started thinking about this, you will want to start investigating solutions in order to get this in as a budget item for your next fiscal cycle. Without this kind of protection, signs like DLA posted may become more commonplace.