Windows devices that are missing a critical Windows patch need to be patched immediately to protect against the current ransomware attack.
On June 27, 2017, the “Petya” ransomware strain began spreading widely, impacting a large number of organizations, particularly in Europe.
Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB). It has two layers of encryption: one that individually encrypts target files on the computer and another that encrypts NTFS structures. This approach prevents victims from booting their computers into a live OS environment to retrieve stored information or samples. Additionally, after the encryption process is complete, the ransomware runs a specialized routine that forcefully crashes the computer to trigger a reboot, which renders the computer unusable until a $300 ransom is paid.
If you have yet to install the Microsoft fix (MS17-010), you should do so immediately. Be extremely suspicious of all e-mails you receive, particularly those that ask the recipient to open attached documents or click on web links. You should also ensure that your backups are current.
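One way to check a single host for the fix and for SMBv1 exposure, as an added example that is not part of the original advisory. The function name Get-Ms17010Status is hypothetical, and the update ID in $KbIds is a placeholder to be replaced with the IDs the MS17-010 bulletin lists for the host's Windows version.

```powershell
# Added example: report whether an MS17-010 update is installed and whether
# the SMBv1 server is enabled on this host.
# ASSUMPTION: 'KB0000000' is a placeholder, not a real update ID. Replace it
# with the IDs that the MS17-010 bulletin lists for this Windows version.
param(
    [string[]]$KbIds = @('KB0000000')
)

function Get-Ms17010Status {
    param([string[]]$KbIds)

    # Update IDs that Windows reports as installed.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
                   Select-Object -ExpandProperty HotFixID)
    $matched = @($KbIds | Where-Object { $installed -contains $_ })

    # SMBv1 server state. The cmdlet exists on Windows 8 / Server 2012 and later.
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    } else {
        # Older systems: SMBv1 is enabled unless the SMB1 registry value is 0.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $smb1 = ($null -eq $val) -or ($val -ne 0)
    }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        MatchedKBs  = $matched -join ','
        PatchFound  = ($matched.Count -gt 0)
        Smb1Enabled = $smb1
    }
}

Get-Ms17010Status -KbIds $KbIds | Format-List
```

Run it from an elevated PowerShell prompt. A PatchFound value of False is not conclusive on its own, because later cumulative updates that include the fix are listed under their own IDs.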
If you have seen nonstandard activity and believe your customers’ information may have been exposed, please contact support.
For more information see:
US-CERT article—Microsoft SMBv1 Vulnerability
The Microsoft Security Bulletin—MS17-010