Detect and prevent Petya ransomware in Azure Security Center

The Petya ransomware outbreak, which originated in Ukraine, affected a large number of Windows machines worldwide, with infections reported in 64 countries. This article outlines the basic measures Azure users can take to detect and prevent this threat with Azure Security Center.

Prevention of the malware

Azure Security Center helps prevent Petya infections by scanning virtual machines and recommending endpoint protection wherever none is installed. The recommendation is available in the Prevention section, as shown in the following screenshot:

[Screenshot: Security Center Prevention section with the Endpoint Protection recommendation]

More detail on the Endpoint Protection recommendation, including the affected VMs, is available by drilling into the Compute pane:

[Screenshot: Compute pane showing the Endpoint Protection recommendation]

Clicking the recommendation opens a dialog listing the available protection solutions, including Microsoft's own Antimalware solution:

[Screenshot: Install Endpoint Protection]
[Screenshot: Select Endpoint Protection]
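The same check can be scripted rather than clicked through. The following Azure PowerShell script is an added example, not code from the original article or from Microsoft: it lists the Windows VMs in a resource group that carry no Microsoft Antimalware extension and installs the extension with real-time protection enabled, which is what the "Install Endpoint Protection" recommendation does for you in the portal. It requires the Az.Compute module and a signed-in session (Connect-AzAccount). The resource group name is a placeholder; the publisher, extension type and settings schema are the documented values for the IaaSAntimalware extension.

```powershell
# Added example (not from the original article): find Windows VMs in a resource
# group that have no Microsoft Antimalware extension and install it.
# Requires Az.Compute and a signed-in session (Connect-AzAccount).
# $ResourceGroupName is a placeholder; publisher, type and settings schema are
# the documented values for the IaaSAntimalware extension.
param(
    [string]$ResourceGroupName = "rg-production",   # assumed resource group name
    [switch]$ReportOnly                             # list, do not install
)

# Extension configuration: real-time protection on, weekly quick scan on
# Sunday (day 7) at 02:00 (time is minutes after midnight), no exclusions.
$settings = @{
    AntimalwareEnabled        = $true
    RealtimeProtectionEnabled = $true
    ScheduledScanSettings     = @{ isEnabled = $true; day = 7; time = 120; scanType = "Quick" }
    Exclusions                = @{ Extensions = ""; Paths = ""; Processes = "" }
} | ConvertTo-Json -Depth 4

$unprotected = foreach ($vm in Get-AzVM -ResourceGroupName $ResourceGroupName) {
    # The extension only supports Windows guests.
    if ($vm.StorageProfile.OsDisk.OsType -ne "Windows") { continue }

    $antimalware = Get-AzVMExtension -ResourceGroupName $ResourceGroupName -VMName $vm.Name |
        Where-Object { $_.Publisher -eq "Microsoft.Azure.Security" -and $_.ExtensionType -eq "IaaSAntimalware" }
    if (-not $antimalware) { $vm }
}

Write-Host ("{0} Windows VM(s) without Microsoft Antimalware in {1}" -f @($unprotected).Count, $ResourceGroupName)

foreach ($vm in @($unprotected)) {
    if ($ReportOnly) { Write-Host "Would install IaaSAntimalware on $($vm.Name)"; continue }

    # Use the newest published extension version for the VM's region; the
    # handler version parameter takes major.minor only (e.g. "1.5").
    $latest  = (Get-AzVMExtensionImage -Location $vm.Location -PublisherName "Microsoft.Azure.Security" -Type "IaaSAntimalware").Version |
        Sort-Object { [version]$_ } | Select-Object -Last 1
    $handler = ($latest -split "\.")[0..1] -join "."

    Set-AzVMExtension -ResourceGroupName $ResourceGroupName -VMName $vm.Name -Location $vm.Location `
        -Name "IaaSAntimalware" -Publisher "Microsoft.Azure.Security" -ExtensionType "IaaSAntimalware" `
        -TypeHandlerVersion $handler -SettingString $settings
}
```

Run it with -ReportOnly first to see which VMs would be changed. Security Center also recognises supported third-party endpoint protection agents, so a VM this script reports is not necessarily unprotected; check the recommendation in the portal before installing over an existing product.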

Detection

For customers on the Standard tier, Azure Security Center provides threat detection and raises alerts. A detection rule that alerts on Petya-specific indicators was recently added. Alerts for an infected host appear in the Detection pane, as shown below:

[Screenshot: Security Center Overview with the Detection pane]

Selecting an alert displays further details of the infected VM along with the offending process that triggered it:

[Screenshot: Petya ransomware indicators in the alert details]

Because this ransomware attempts to propagate to every reachable machine on the network (it spread over SMB, using both the MS17-010 vulnerability and credentials stolen from the infected host), remediation must be applied to all hosts on the network, not only to the ones that raised an alert.

The available remediation steps are described in the Microsoft Malware Protection Center (MMPC) blog.
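To scope remediation the way the previous paragraphs recommend, each alert has to be tied back to the network segment the infected VM sits on. The following Azure PowerShell script is an added example, not code from the original article or from Microsoft: it pulls Security Center alerts whose display name mentions Petya and, for each compromised VM, lists every other VM that shares a subnet with it, so the whole segment can be remediated rather than just the alerting host. It requires Az.Security, Az.Compute and Az.Network with a signed-in session. The "*Petya*" title match and the AlertDisplayName and CompromisedEntity property names are assumptions to confirm against your Az.Security version (Get-AzSecurityAlert | Get-Member).

```powershell
# Added example (not from the original article): scope Petya remediation to
# every VM on the same subnet as a host that raised a Security Center alert.
# Requires Az.Security, Az.Compute, Az.Network and a signed-in session.
# ASSUMPTIONS: the alert title contains "Petya"; AlertDisplayName and
# CompromisedEntity are the alert properties exposed by your Az.Security build.

$alerts = Get-AzSecurityAlert | Where-Object { $_.AlertDisplayName -like "*Petya*" }
if (-not $alerts) { Write-Host "No Petya alerts in this subscription"; return }

# Build a NIC id -> subnet id map once; VMs reference their NICs only by id.
$nicSubnet = @{}
foreach ($nic in Get-AzNetworkInterface) {
    $nicSubnet[$nic.Id] = $nic.IpConfigurations[0].Subnet.Id
}
$allVms = Get-AzVM

function Get-VmSubnetIds($vm) {
    # Resolve each of the VM's NICs to its subnet id, dropping unknown NICs.
    @($vm.NetworkProfile.NetworkInterfaces.Id | ForEach-Object { $nicSubnet[$_] } | Where-Object { $_ })
}

foreach ($alert in $alerts) {
    # For VM-based alerts CompromisedEntity carries the VM name.
    $victim = $allVms | Where-Object { $_.Name -eq $alert.CompromisedEntity } | Select-Object -First 1
    if (-not $victim) {
        Write-Warning "Alert on '$($alert.CompromisedEntity)' does not map to a VM in this subscription"
        continue
    }

    $victimSubnets = Get-VmSubnetIds $victim

    # Every VM with a NIC in one of the victim's subnets is within propagation range.
    $exposed = $allVms | Where-Object {
        $other = $_
        @(Get-VmSubnetIds $other | Where-Object { $victimSubnets -contains $_ }).Count -gt 0
    }

    [pscustomobject]@{
        Alert        = $alert.AlertDisplayName
        InfectedVM   = $victim.Name
        # Render subnet ids as vnet/subnet for readability.
        Subnets      = ($victimSubnets | ForEach-Object { $p = $_ -split "/"; "$($p[-3])/$($p[-1])" }) -join ", "
        RemediateVMs = (@($exposed.Name) | Sort-Object) -join ", "
    }
}
```

The subnet is used as the blast radius because the worm's SMB-based spread is bounded by what it can reach over TCP 445; if your subnets are peered or routed to one another without SMB filtering, widen the scope to the whole virtual network.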

Find out how Netreo can help with all Azure monitoring needs. Request a Demo Today
