In our last blog we assured users of K7 Security products that they are protected against the destructive Petya ransomware. The good news is that we’ve just tightened the noose even further! Now, not only Petya but also other malware which may exhibit similar modus operandi are going to be robustly and proactively blocked. This is an effort to safeguard our users from any such ransomware attacks in future.
Let’s have a gander through what we have done:
- Blocking the Petya ransomware at the very early stages, even before it enters a computer by including an IDS signature to block all currently known versions of EternalBlue type packets attempting to exploit MS17-010.
- In order to tackle a situation where a malware like Petya attempts to affect the boot area, we have reinforced a protection rule in our security products to block unauthorized writes to the Master Boot Record (MBR).
- Last but not least, we tweaked our “Ransomware Protection” logic to block the encryption procedure peculiar to Petya.
As always, we at K7 Engineering focus on complete protection at multiple layers for our users so as to safeguard them from any (new) malware occurrences.