National Cyber Awareness System:
US-CERT has received multiple reports of Petya ransomware infections occurring in networks in many countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.
Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB). US-CERT encourages users and administrators to review the US-CERT article on the Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010. For general advice on how to best protect against ransomware infections, review US-CERT Alert TA16-091A. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3).
OCR provides cybersecurity guidance materials including a cybersecurity checklist, ransomware guidance and cyber awareness newsletters at https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/index.html
COMMENT: This software is similar to the WannaCry ransomware that struck more than 300,000 computers in 150 countries on May 12. Folks who patched their systems at that time are probably not at risk from this attack. This does, however, re-emphasize the priority of keeping up to date on patches.
UPDATE — 0924 June 29 — Internet security experts are now changing their appraisal of the current attack from a classification of “ransomware” to “cyber warfare” because it appears to be weaponized to destroy data rather than extract a ransom. It apparently has been directed against Ukraine, and a similar attack has been ongoing against Saudi Arabia.
Founder and CEO, KnowBe4, Inc.
“I strongly suggest you have another look at your defense-in-depth, and make sure to:
- Have weapons-grade backups
- Religiously patch
- Step users through new-school security awareness training”