Support 416-591-6711 option 1 or Email Us

PETYA and NotPetya Ransomware

Tue, 27 Jun 2017

Six weeks after Wannacry ransomware, the Petya variant hit parts of USA and Europe.  Although Petya is well-known, a new variant is now out in the wild. 

How this ransomware works:
  • Utilizes and modifies the Microsoft Windows SMB and uses the ETERNALBLUE exploit tool. 
  • Same exploit tool that was used for the Wannacry ransomware.
  • Once infected, the MBR prevents Windows from loading into the O/S and a ransom note is then presented to the end-user:

How to protect your systems:
  • Windows systems should be patched with the March 2017 and April 2017 bulletins - specifically Microsoft Security Bulletin MS17-010
  • Ensure all Anti-Virus signatures are up-to-date.
  • If you have Advanced Malware Protection, you may already be covered.
  • Some AV vendors may have a specific zero-day Petya update and should be distributed to all systems.
  • If possible, block TCP 445 inbound.
  • Create backups –  in case of infection you can quickly restore data. 
ISA's MSP Services:
  • Notified all customers at 12:30 PM EST on June 27, 2017.
  • Assisting customers with zero-day protection.
  • Continuing to monitor customer environments.
Additional Information: 

For McAfee customers, please follow these links:

For Fortinet customers, please follow this link:

For Cisco customers, please follow these links:

For Palo Alto customers, please follow this link:

For additional information regarding this issue, follow this Virus Total link:

Update - June 29, 2017

ISA is following the Petya/NotPetya Ransomware attacks. Find out more information below: 

ISA is available to assist in any way possible.
Contact ISA Support: 1-877-591-6711 option 1,, or open a support case online.

‹ Back


Contact ISA at 416-591-6711or email us