Petya/Petrwrap/Petyawrap and Sophos XG (Noob Question)

Warning: Noob question :D

With Sophos XG, what do I need to do to protect my network from above mentioned ransomware:

Is it automatically blocked, if ...?

Or do I need to have (in addition to XG) specific end-point-protection-software installed on Windows/MacOS clients as well?

 

Assumption: All clients OS are up to date. 

 

Cheers



This thread was automatically locked due to age.
  • You will need Sophos Intercept X for the best ransomware protection. XG might be able to flag emails sent via such suspicious addresses if you are using the XG as the mail server. However, I haven't used that so I can't vouch for that. However, Intercept X does the trick brilliantly.

  • Norbert,

    As Osama wrote, Intercept-X will block new ransomware and other malware using behaviour analysis and signature-less features. For XG, I am sure both AV engines (Avira and Sophos) along with IPS signatures and Sandstorm will block the Petya variants as soon as Sophos Labs releases the signature.

    Until now, there is no news from Sophos on both XG and UTM9.

    Take note that UTM and Firewall can block most of the attacks but not all. Building a "security in depth" is the key of success. Do not rely only on IT Systems but make sure to train your users and that processes exist inside the Organization, so an attack can be mitigated properly.

    Regards

  • XG will help prevent Petya from entering the network via mail and web download (AFAIK it has spread through mail but not web).  However it will not help if a computer is affected outside of the network and brought in.  It cannot help against internal spreading of the virus once it is inside - unless you have partitioned the network and are using the XG as a firewall between partitions.

     

    https://www.sophos.com/en-us/lp/petya-ransomware.aspx

    Make sure all Windows computers are fully patched.

  • Gentlemen,

     

    Thanks for your input and clarification. Highly appreciated.

    This all becomes more and more of a nightmare, not only for companies but also (or even in particular) for private households. With cloud home automation, Amazon Echo, etc., things can become quite difficult at home too. Not to mention the ever-growing number of "talkative" IoT devices.

    My (XG) firewall is one thing. To protect my home network from attacks from the outside. To segregate my home network into subnets and to partly block internet access for my way too communicative home devices (e.g. sat receiver, home automation, etc.). And this is exactly my current playground. I strictly limit access to my network. Only registered clients. Guests are separated. Access from the outside only via VPN. No fancy cloud services. But ... I am a Home User and I still have to learn a lot about firewall / IPS / etc. And it is fun to do so :)

    With the latest major global incidents I need to watch my clients (esp. mobile devices) soon as well. I keep them up to date, on a weekly basis. And I stick to macOS, iOS. No Windows, no Linux client. I know, this is not going to protect me here, but it likely provides me with some more time to make up my mind, to learn and to advise family members how to additionally protect their devices. They are careful; however, none of us is an IT guy or a security expert.

    A huge market is arising, which requires the same level of holistic security strategies for each entity in the internet. Whether it is a company or a private household.

    Thanks again guys and please excuse my monologue here :)