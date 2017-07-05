

Ivanti Webinar Q&A: Petya and Weaponized Malware

This is a follow-up to Michael Dortch’s blog summary of our latest ransomware webinar: Petya and Weaponized Malware: Is Ransomware the New DDoS Attack?

We had several questions roll in that we did not have time to answer during the webinar. Here are a few of them.

Q: I have no Trusted Publisher policy set up to allow an application that has been signed with a digital certificate from a trusted source to run on an endpoint. Does this mean the unsigned/invalid digital Microsoft certificate from Petya will not run?

A: Trusted Publisher looks at the vendors you have approved. It validates their digital signature and either allows or denies based on that established trust. For initial infection, there are a few different approaches.

First, the MEDoc approach. This is a vendor you would have wanted to put on your trusted vendor list, so initially the application would have gotten into the environment. Once it installed the payload, the perfc.dat file would have been laid down, and that file would not have been trusted and would have been blocked.

Read the entire article here: Webinar Q&A: Petya and Weaponized Malware

via the fine folks at Ivanti.

