When WannaCrypt rolled out in April it was already very clear how to protect yourself – fully-patched PCs were not vulnerable at all, as Microsoft had just released a software update designed to specifically address the vulnerability the ransomware was exploiting.
When Petya (also called NotPetya) exploded a week ago there was no such certainty, and it appeared every PC was once again at risk.
Microsoft has now posted a full analysis of the attack software, saying it exemplifies the ever-increasing sophistication of ransomware attacks.
They note the new Petya variant was significantly more complex than the original, employing a second exploit to promote lateral movement in networks, making it a higher risk for networks with an infected machine. Furthermore, the boot sector modification behaviour, where it trashed boot sectors when Kaspersky’s anti-virus solution was installed, had greater potential to cause damage to machines.
They however also confirmed that Windows 10 users were already protected from the software, saying “the security configuration and reduced attack surface” of Windows 10 and Windows 10 S “block this attack by default.”
Windows 10’s defence in depth protected users in the following ways:
Microsoft confirmed that despite hype Petya infected many fewer PCs than WannaCrypt, mainly Windows 7 PCs, and also mainly in Ukraine.
Microsoft is planning to further enhance Windows 10 security to address the increasing sophistication of attacks on PC users, and their advice remains to remain up to date with the latest version of the OS.
Read the full analysis here.