Petya/Petrwrap/Petyawrap and Sophos XG (Noob Question)

Question

Warning: Noob question :D 
 With Sophos XG, what do I need to do to protect my network from above mentioned ransomware: 
 Is it automatically blocked, if ...? 
 Or do I need to have (in addition to XG) specific end-point-protection-software installed on Windows/MacOS clients as well? 
 
 Assumption: All clients OS are up to date. 
 
 Cheers

Muhammad Osama · Accepted Answer

You will need Sophos Intercept X for the best ransomware protection. XG might be able to flag emails sent via such suspicious addresses if you are using the XG as the mail server. However, I haven't used that so I cant vouch for that. However Intercept X does the trick brilliantly.

lferrara · Answer

Norbert , 
 as Osama wrote, Intercept-X will block new ransomware and other malware using behaviour analysis and signature-less features. For XG, I am sure both AV engines (Avira and Sophos) along with IPS signature and Sandstorm will block the Petya variants as soon Sophos labs release the signature. 
 Until now, there are no news from Sophos on both XG and UTM9. 
 Take note that UTM and Firewall can block most of the attacks but not all. Building a "security in depth" is the key of success. Do not rely only on IT Systems but make sure to train your users and that processes exist inside the Organization, so an attack can be mitigated properly. 
 Regards

Michael Dunn · Answer

XG will help prevent Petya from entering the network via mail and web download (AFAIK it has spread through mail but not web). However it will not help if a computer is affected outside of the network and brought in. It cannot help against internal spreading of the virus once it is inside - unless you have partitioned the network and are using the XG as a firewall between partitions. 
 
 https://www.sophos.com/en-us/lp/petya-ransomware.aspx 
 Make sure all windows computers are fully patched.