Statement about the Petya ransomware attacks

Posted in: Security

It’s been widely reported that a new ransomware worm has been affecting a large number of companies around which has the appearance of the Petya ransomware, though it comes with new abilities to spread within networks.

The bad news is that the severity of damage caused is very high and by  the time you see a warning message it is likely to be too late:

  •  In addition to using the vulnerability used by the recent WannaCry, it can also spread using hijacked account credentials using legitimate windows processes which has allowed it to spread very quickly within confined networks
  • The encryption mechanisms are very good so unencrypting data is likely to be impossible.  The communication mechanism has been disabled so even if payment was made, the key to decrypt the files would never be released

The good news is that worldwide spread will hopefully be contained:

  • It is likely that the main initial infection came through a compromised update to a piece of Ukrainian tax software
  • The malware only spreads to local computers or ones it is already connected to, it does not reach out across the internet looking for more victims

Whilst we have already patched the vulnerability used in WannaCry and have other protections in place, we will be looking to increase the measures in place to increase security.   Even with these protections in place there are no guarantees that a widespread ransomware infection would not strike us and everyone should take their own responsibilities seriously:

  • Do not open unexpected documents from unknown sources or if they seem suspicious
  • Avoid clicking embedded links found in unexpected emails
  • Apply patches to home computers and reboot work computers frequently to allow them to install

More information can be found from a number of trusted sites such as the BBC.

 

Posted in: Security

Respond

  • (we won't publish this)

Write a response