It’s been widely reported that a new ransomware worm has been affecting a large number of companies around the world. It has the appearance of the Petya ransomware, though it comes with new abilities to spread within networks.
The bad news is that the severity of the damage caused is very high, and by the time you see a warning message it is likely to be too late:
- In addition to exploiting the vulnerability used by the recent WannaCry, it can also spread with hijacked account credentials through legitimate Windows processes, which has allowed it to spread very quickly within confined networks
- The encryption mechanisms are very good, so decrypting data is likely to be impossible. The communication mechanism has been disabled, so even if payment were made, the key to decrypt the files would never be released
The good news is that worldwide spread will hopefully be contained:
- It is likely that the main initial infection came through a compromised update to a piece of Ukrainian tax software
- The malware only spreads to local computers or ones it is already connected to; it does not reach out across the internet looking for more victims
Whilst we have already patched the vulnerability used in WannaCry and have other protections in place, we will be looking to strengthen our security measures further. Even with these protections in place, there are no guarantees that a widespread ransomware infection would not strike us, and everyone should take their own responsibilities seriously:
- Do not open unexpected documents from unknown sources, or any that seem suspicious
- Avoid clicking embedded links found in unexpected emails
- Apply patches to home computers and reboot work computers frequently to allow patches to install
More information can be found on a number of trusted sites such as the BBC.