The endpoint protection platform provides a collection of security capabilities to protect PCs, smartphones and…
Petya Ransomware
A significant attack Petya Ransomware is spreading across Europe, Russia, Ukraine and elsewhere. CPS Technology Solutions strategic partner Sophos is investigating the attack and will continue to provide updates here throughout the day.
What we know right now about Petya Ransomware
- Victims so far include British advertising agency WPP (WPPGY), Danish shipping firm Maersk, Russian oil/gas company Rosneft and U.S.-based pharmaceutical firm Merck. WPP said on Twitter, “IT systems in several WPP companies have been affected by a suspected cyber attack.” Maersk announced its IT systems “are down across multiple sites and business units due to a cyber attack.” Merck said in a tweet that “Our company’s computer network was compromised today as part of global hack.”
- Various media reports say the ransomware bares similarities to the Petya ransomware family that encrypts MFT (Master File Tree) tables and overwrites the MBR (Master Boot Record), dropping a ransom note and leaving victims unable to boot their computer. Because it blocks boot efforts and prevents affected systems from working altogether, it’s considered more dangerous than typical ransomware strains.
- Various media reports suggest the attacker took inspiration from last month’s WannaCry outbreak, which infected hundreds of thousands of computers across the globe by exploiting NSA code leaked by Shadow Brokers. Specifically, it used a variant of the Shadow Brokers’ APT EternalBlue Exploit (CC-1353), which targeted a flaw in the Windows Server Message Block (SMB) service.
- Attackers are demanding payment of a $300 ransom in Bitcoins to regain control, according to various reports.
Defensive measures
Here’s what we urge you to do right now:
- Patch your systems, even if you’re using an unsupported version of XP, Windows 8 or Windows Server 2003
- Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands
- Avoid opening attachments in emails from recipients you don’t know, even if you work in HR or accounts and you use attachments a lot in your job.
Contact us today to get pricing to start protecting your valuable data! Need more information? Contact us about setting up a web meeting with Sophos and CPS right away.
CPS Technology Solutions
3949 County Road 116
Hamel, MN 55340
T. 800-438-4202
D. 763-553-1514
Website: CPSTS.com
e-mail: Stop_Ransomware@CPTS.com