{"id":75533,"date":"2017-06-28T10:15:43","date_gmt":"2017-06-28T17:15:43","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=75533"},"modified":"2025-06-03T22:10:24","modified_gmt":"2025-06-04T05:10:24","slug":"protect-petya-ransomware-mcafee-environment","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/protect-petya-ransomware-mcafee-environment\/","title":{"rendered":"How to Protect Against Petya Ransomware in a McAfee Environment"},"content":{"rendered":"

This post has been updated with information about\u00a0McAfee Enterprise Security Manager and\u00a0McAfee Web Gateway (June 28, 14:20 Pacific time).<\/em><\/p>\n

A new variant of the ransomware Petya (also called Petrwrap) began spreading around the world on June 27. Petya is ransomware that exploits the vulnerability CVE-2017-0144 in Microsoft’s implementation of the Server Message Block protocol.\u00a0This ransomware encrypts the master boot records of infected Windows computers, making the machines unusable.<\/p>\n

The initial attack vector is unclear, but aggressive worm-like behavior helps spread the ransomware. (Read McAfee\u2019s detailed technical analysis<\/a> of the Petya ransomware.)<\/p>\n

Microsoft released a set of critical patches<\/a> on March 14 to remove the underlying vulnerability in supported versions of Windows, but many organizations may not yet have applied these patches.<\/p>\n

How McAfee products can protect against Petya ransomware<\/strong><\/h2>\n

As with WannaCry<\/a> and other similar attacks, a layered, integrated cyber defense system that combines advanced analytics, threat intelligence, signatures, and human expertise is the best way to protect your business against emerging threats. McAfee\u2019s collaborative cyber defense system leads the way for enterprises to protect against emerging threats such as Petya ransomware, remediate complex security issues, and enable business resilience. By empowering integrated security platforms with advanced malware analytics and threat intelligence, our system provides adaptable and continuous protection as a part of the threat defense life cycle.<\/p>\n

Attacks like Petya and its future variants cannot win against a collaborative cybersecurity ecosystem that works as a team and empowers protective tools to make better decisions at the point of attack.<\/p>\n

McAfee offers early protection for components of the initial Petya attack in the form of advanced malware behavior analysis with Real Protect Cloud and the brand-new Dynamic Neural Network (DNN) analysis techniques available in McAfee Advanced Threat Defense (ATD). ATD 4.0 introduced a new detection capability using a multilayered, back-propagation neural network (DNN) leveraging semisupervised learning.\u00a0DNN looks at certain features exercised by a malware to come up with a positive or negative verdict to determine whether the code is malicious.<\/p>\n

Whether in standalone mode or connected to McAfee endpoint or network sensors, ATD combines threat intelligence with sandbox behavior analysis and advanced machine learning to provide zero-day, adaptable protection. Real Protect, part of the Dynamic Endpoint solution, also uses machine learning and link analysis to protect against malware without signatures and provide rich intelligence to the Dynamic Endpoint and the rest of the McAfee ecosystem. Real Protect combined with Dynamic Application Containment provided early protection against Petya.<\/p>\n

Multiple McAfee products provide additional protection to either contain the attack or prevent further execution. This post provides an overview of those protections with the following products:<\/p>\n

McAfee Endpoint Security <\/strong><\/h2>\n

Threat Prevention <\/strong><\/p>\n