Security Pros Say Malware Based on EternalBlue Poses Long-Term Threat | eWeek

IT Security Professionals See Petya Ransomware as Multifaceted Threat

Data loss cost 2
Jun 30, 2017
5 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More


IT Security Professionals See Petya Ransomware as Multifaceted Threat

1 - IT Security Professionals See Petya Ransomware as Multifaceted Threat

On June 27, a new variant of malware based on the long-known Petya ransomware attacked organizations in the Ukraine and around the world. The attack makes use of the same EternalBlue exploit first patched by Microsoft in March that allegedly is a hacking tool created by the U.S. National Security Agency. EternalBlue was also used in the WannaCry ransomware worm attack that impacted global organizations in May. Security vendors have been quick to respond to the new Petya ransomware variant, providing technical resources and insight into the attack, including what it means for enterprise IT security. In this slide show, eWEEK shares some of the commentary it has received from security professionals about the new Petya ransomware outbreak.


Commvault

2 - Commvault

“The latest global ransomware attacks are yet another wakeup call for business as a serious threat, and not just another cyber-security technology challenge. Companies must evaluate ransomware threat readiness—and many are disturbingly unprepared.” — Bob Hammer, CEO of Commvault


Carbon Black

3 - Carbon Black

“This attack leverages the same exploit as WannaCry with a different payload. This is the problem with signatures. An attacker can make a very simple change and the attack is just as effective as it was the first time. This will go on forever until we change the game.” — Mike Viscuso, co-founder & CTO of Carbon Black


Advertisement

Avira

4 - Avira

“After decrypting the Trojan completely, we also found it not only uses the EternalBlue exploit, but also contains the NSA backdoor DoublePulsar. We are surprised to see that after the WannaCry debacle, there are still so many machines without the latest Windows security updates connected to the internet—especially in critical environments.” — Matthias Ollig, CTO of Avira


CyberX

5 - CyberX

“Let’s face it: When the Shadow Brokers leaked the NSA’s hacking tools, they let the genie out of the bottle and there’s no putting it back in. We should expect to see all kinds of cyber-adversaries playing with and building on top of them. Some of us in the ICS (Industrial Control System) cyber-security community are braced for the worst—mainly that some creative hacker will find a way to cross-pollinate elements of WannaCry/Petya with the destructive payloads of the ICS-specific Industroyer/CrashOverride malware. If that were to happen, then we’re playing a whole new ballgame.” — Nir Giller, CTO of CyberX


Irdeto

6 - Irdeto

“While this attack directly impacts IT systems, we must consider how the ransomware threat will evolve in the near future to also impact IoT devices and connected cars. If something as simple as system patches are being missed to let ransomware in, the prospect for robust protection of IoT devices does not look good.” — Mark Hearn, director of IoT security for Irdeto


Lastline

7 - Lastline

“This attack also shows that criminal groups are always ready to copy and improve on one another’s techniques once they see that something is effective. Finally, the initial reports indicate once again the attacks caused significant outage in the real world, with offices and stores shut down as a consequence of the infection. This points once more at the fragility of our current infrastructure that can be substantially affected by what appears to be a traditional, widespread and non-targeted attack.” — Marco Cova, senior security researcher at Lastline


Advertisement

RedLock

8 - RedLock

“The fact that Petya is spreading so rapidly is evidence that organizations worldwide are still not taking cyber-security as seriously as they should. In addition to being proactive in ensuring they’re monitoring on-premises network traffic, organizations must also ensure that they’re monitoring the traffic within cloud infrastructure environments.” — Varun Badhwar, CEO and co-founder of RedLock


SurfWatch Labs

9 - SurfWatch Labs

“The good news is if you took appropriate WannaCry precautions, you are likely not to be affected by Petya.” — Adam Meyer, chief security strategist at SurfWatch Labs


Vectra Networks

10 - Vectra Networks

“Any security vendor saying they could completely protect an enterprise from this form of attack isn’t being honest, because the attacker just needs to succeed once and the attack surface is too large. … The NSA designed these tools to specifically bypass existing security solutions, so it’s no surprise that the industry will be playing catch-up for the next several months.”  — Chris Morales, head of security analytics at Vectra Networks


Farsight Security

11 - Farsight Security

“This attack is incredibly virulent. Its propagation is among the fastest we’ve seen since Code Red. Anyone who is depending on their software or antivirus or security vendor to defend against this kind of thing is making a bad bet. Bad guys are better organized [and] better incentivized, and they know our software and our networks better than we do. The only proven defense against ransomware is backups of all important data.” — Paul Vixie, CEO of Farsight Security


Duo Security

12 - Duo Security

“What always seems to take some by surprise, however, is that no matter how much we talk about patching as the solution, it doesn’t happen in many cases. In fact, organizations with the most critical functions appear to struggle with software updates. It’s almost as if talking about the problem and ‘raising awareness’ isn’t enough to actually solve it.” — Wendy Nather, principal security strategist for Duo Security


Advertisement

Cybric

13 - Cybric

“I believe the broad message is that the current approaches to security with respect to patching and updates is severely broken. Unfortunately, critical infrastructure technology has been ignored for too long, and now we’re seeing the repercussions of that complacency. Companies need to rapidly adopt a much more continuous strategy around patching and security testing, along with a robust disaster recovery plan that gets tested frequently.” — Mike Kail, CTO of Cybric


Absolute

14 - Absolute

“Microsoft provided customers with MS17-010—a critical security update that patches the hole which makes the spread of these attacks possible. It is amazing to me that after the huge media coverage and rapid spread of WannaCry … we are seeing another successful attack that uses the same vulnerability again. I’m not sure what else we can do to get the message out there to companies: You need to get your machines patched, and today. This can’t wait any longer.” — Richard Henderson, global security strategist for Absolute

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.