Guard against Petya ransomware

A recent variant of Petya ransomware, known as “ExPetr” or “NotPetya” or “GoldenEye”, is spreading rapidly across the world this week. Similar to the earlier WannaCry malware, the recent attack utilizes the EternalBlue exploit against the MS17-010 vulnerability to attack unpatched Microsoft Windows-based workstations and servers.

If you’re a Zyxel ZyWALL USG user and are using Anti-Virus and Intrusion Detection and Prevention (IDP) services, please follow the steps below to guard against the attacks:

  1. Apply the Microsoft MS17-010 patch on your Microsoft systems, if you haven’t done yet

  2. Enable the Intrusion Detection and Prevention (IDP) service

    When someone attempts to make use of the Microsoft MS17-010 exploit to start the attack, the IDP service is in place to prevent it from happening. If your ZyWALL USG device is running on firmware version ZLD 4.25, make sure your IDP signature is updated to version or above. For those with ZyWALL USG firmware ZLD 4.20 or earlier, please update to IDP signature version or above.

  3. Enable the Anti-Virus/Anti-Malware service

    Gateway Anti-Virus catches malware at its first point of entry, preventing it from spreading across the internal network. Make sure your Anti-Virus signature is updated to version or above.