SonicWall has been protecting customers from Petya ransomware for over a year.
Learn about the attack and how SonicWall is leading the cyber arms race
Once again, the cyber arms race continues to evolve with this latest massive global ransomware attack called Petya. Today, June 27, 2017 SonicWall Capture Labs began tracking a high number of Petya ransomware attacks against SonicWall customers. Petya as a malware payload is not new. In fact, we reported in the 2017 Annual SonicWall Threat Report that it was second only to Locky in the number of infections we noted last year. The good news for SonicWall customers that are using our security services is that we have had signatures for certain variants of Petya since March 2016. Then, in April 2017 Capture Labs analyzed and released protection for the Eternal Blue exploit that Shadow Brokers leaked from the NSA.
To stay protected, SonicWall customers are urged to take action immediately:
- Ensure that your next-generation firewall has an active Gateway Security subscription, in order to receive automatic real-time protection from known ransomware attacks such as Petya. Gateway Security includes Gateway Anti-virus (GAV), Intrusion Prevention (IPS), Botnet Filtering, and Application Control.
- Deploy SonicWall Deep Packet Inspection of all SSL/TLS (DPI SSL) traffic to identify and block all known ransomware attacks. Enabling DPI SSL also allows the firewall to examine and send unknown files to the SonicWall Capture Advanced Threat Protection (ATP) service for multi-engine sandbox analysis.
- Ensure that your SonicWall email security subscriptions are active as 65% of all ransomware attacks happen through phishing emails.
The combination of the SonicWall Capture Threat Network and SonicWall Capture ATP sandboxing provides the best defense against newly emerging hybrid attacks such as Petya.
Please refer to our blog for updates regarding this threat and for any questions you may have related to SonicWall protections against this threat.
SonicWall’s Technical Support Team