A significant ransomware attack called Petya is spreading across Europe, Russia, Ukraine and elsewhere.
What we know right now
- Victims so far include British advertising agency WPP (WPPGY), Danish shipping firm Maersk, Russian oil/gas company Rosneft and U.S.-based pharmaceutical firm Merck. WPP said on Twitter, “IT systems in several WPP companies have been affected by a suspected cyber attack, Peyta.” Maersk announced its IT systems “are down across multiple sites and business units due to a cyber attack.” Merck said in a tweet that “Our company’s computer network was compromised today as part of global hack.”
- Various media reports say the ransomware bares similarities to the Petya ransomware family that encrypts MFT (Master File Tree) tables and overwrites the MBR (Master Boot Record), dropping a ransom note and leaving victims unable to boot their computer. Because it blocks boot efforts and prevents affected systems from working altogether, it’s considered more dangerous than typical ransomware strains.
- Various media reports suggest the attacker took inspiration from last month’s WannaCry outbreak, which infected hundreds of thousands of computers across the globe by exploiting NSA code leaked by Shadow Brokers. Specifically, it used a variant of the Shadow Brokers’ APT EternalBlue Exploit (CC-1353), which targeted a flaw in the Windows Server Message Block (SMB) service.
- Attackers are demanding payment of a $300 ransom in Bitcoins to regain control, according to various reports.
Here’s what we urge you to do right now:
- Patch your systems, even if you’re using an unsupported version of XP, Windows 8 or Windows Server 2003
- Backup regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands
- Avoid opening attachments in emails from recipients you don’t know, even if you work in HR or accounts and you use attachments a lot in your job.
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.
You can find Secure Sense on Facebook, LinkedIn and Twitter. Follow us for current company and industry news.
Repost from NakedSecurity blog. | Source1