There have been a few emails sent to me from clients asking how to approach detection and remediation for WannaCry and Petya. Both are essentially ransomware, and although they act a little differently, there is a common fix for both.
I hope the differences between the two described here will save some time in remediation efforts and tracking.
Since SMB is the common vulnerability between both, patching efforts and priorities should be focused on that.
Vulnerability & Exploit:
Vulnerability in Server Message Block (SMB) and EternalBlue as exploit.
WannaCry has to connect live to a C&C, whereas Petya executes offline.
WannaCry - via SMB Wormholes
Petya - via SMB Wormholes, via credential theft, and via psexec & wmic services.
Asymmetric RSA-2048 encryption of data.
WannaCry: Data is held for ransom
Petya: Portrayed as ransomware but the data is being destroyed.
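For tracking the psexec and wmic spreading path noted above for Petya, the following is an added example (not part of the original post) that scans process-creation records for remote psexec/wmic execution and reports hosts reaching several targets. The record shape, hostnames, addresses and the `threshold` value are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed process-creation records (source host, command line); not incident data.
SAMPLE_EVENTS = [
    ("WS-014", r"C:\Windows\System32\notepad.exe C:\Users\a\report.txt"),
    ("WS-014", r"C:\Tools\PsExec.exe \\10.0.5.22 -accepteula -s -d cmd.exe /c hostname"),
    ("WS-014", r'wmic.exe /node:"10.0.5.23" /user:"CORP\svc" process call create "cmd.exe /c hostname"'),
    ("WS-014", r"psexec64.exe \\10.0.5.24 -s cmd.exe"),
    ("WS-020", r"wmic.exe os get caption"),           # local query, no remote node
    ("WS-031", r"C:\Tools\PsExec.exe -s cmd.exe"),     # local use, no \\target
]

# psexec followed (after optional switches) by a \\computer target.
PSEXEC = re.compile(
    r'(?:^|[\\/\s"])psexec(?:64)?(?:\.exe)?"?\s+(?:-\S+\s+)*\\\\([^\s\\"]+)', re.I)
# wmic with /node:<host> and a "process call create" action.
WMIC = re.compile(
    r'(?:^|[\\/\s"])wmic(?:\.exe)?"?\s.*?/node:\s*"?([^\s"]+)"?.*?\bprocess\s+call\s+create\b',
    re.I)

def classify(cmdline):
    """Return (tool, remote_target) for remote psexec/wmic execution, else None."""
    m = PSEXEC.search(cmdline)
    if m:
        return ("psexec", m.group(1))
    m = WMIC.search(cmdline)
    if m:
        return ("wmic", m.group(1))
    return None

def fan_out(events, threshold=2):
    """Map source host -> sorted remote targets, for hosts reaching >= threshold targets.

    threshold is a hypothetical tuning value; admin jump hosts may need an allowlist.
    """
    targets = defaultdict(set)
    for host, cmdline in events:
        hit = classify(cmdline)
        if hit:
            targets[host].add(hit[1])
    return {h: sorted(t) for h, t in targets.items() if len(t) >= threshold}

if __name__ == "__main__":
    for host, tg in fan_out(SAMPLE_EVENTS).items():
        print(f"{host}: remote execution against {len(tg)} hosts: {', '.join(tg)}")
```

Local psexec and wmic use is deliberately ignored, so only one-to-many remote execution from a single source host is reported.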