Urgent Threat Update Regarding Petya Ransomware Outbreak

Please be alerted that a new strain of ransomware based upon Petya is spreading fast and renders servers and machines useless. Comments on VirusTotal indicate the usage of the EternalBlue exploit; this has not yet been confirmed, but it is the likely entry point. The ransomware clears the Windows event log using Wevtutil, writes a message to the raw disk partition and shuts down the machine.

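As an added example (not part of the original advisory and not ZeroDayLab's own tooling), the Python below hunts process-creation records for the Wevtutil event log clearing described above and flags hosts that clear several logs. The host names and command lines are constructed samples, and the (host, command line) record layout is an assumption about how your log export looks.

```python
import re
from collections import defaultdict

# Matches wevtutil (optionally with a path, quotes or .exe) followed by the
# clear-log verb ("cl" or "clear-log") and captures the log name.
CLEAR_RE = re.compile(
    r'(?:^|[\s"\\/&|;(])wevtutil(?:\.exe)?"?\s+(?:cl|clear-log)\s+"?([^\s"&|]+)',
    re.IGNORECASE,
)

def cleared_logs(command_line):
    """Return the event log names a command line asks wevtutil to clear."""
    return [m.group(1) for m in CLEAR_RE.finditer(command_line)]

def hosts_clearing_logs(events, min_logs=2):
    """events: iterable of (host, command_line) taken from process-creation
    logs (e.g. Security event 4688 with command-line auditing, or Sysmon 1).
    Returns {host: sorted log names} for hosts clearing >= min_logs logs."""
    seen = defaultdict(set)
    for host, cmd in events:
        for log in cleared_logs(cmd):
            seen[host].add(log.lower())
    return {h: sorted(logs) for h, logs in seen.items() if len(logs) >= min_logs}

# Constructed sample records (not taken from a real incident).
SAMPLE_EVENTS = [
    ("WS-014", r'cmd.exe /c wevtutil cl Setup & wevtutil cl System & wevtutil cl Security'),
    ("WS-014", r'"C:\Windows\System32\wevtutil.exe" clear-log "Application"'),
    ("SRV-02", r'wevtutil qe System /c:5 /f:text'),   # query only, benign
    ("SRV-03", r'WEVTUTIL.EXE CL Application'),       # a single log cleared
    ("SRV-04", r'powershell -c Get-Content C:\tools\notwevtutil cl.txt'),
]

if __name__ == "__main__":
    for host, logs in hosts_clearing_logs(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: wevtutil cleared {', '.join(logs)}")
```

Windows also records Security event 1102 and System event 104 when a log is cleared, which can corroborate a hit from the command-line search.
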
Further companies have been affected today and advice has now been amended. Please see the advisory below; point 3 is of particular importance.

Until further information is available we urge all our clients to:

1) Test for back-ups today.
2) Make sure all patches have been deployed fully. See below for the advice given by Microsoft in May regarding WannaCry and check that it has been implemented:
3) If affected, customers are now advised to unplug the machines from the network and power down if infected. Do not switch the power back on, as files may be recoverable if the encryption process has not yet begun. Attempting to pay the ransom does not work, as the decryption process does not start. The payment email address has been disabled.
4) Advise all users to be extra vigilant for phishing attacks.
5) Call ZeroDayLab if they have any further concerns.

As ever, you can contact us on the following numbers in the event you have any concerns:

UK: 0207 979 2067
Manchester: 0161 883 2660
Ireland: +353 153 14575
Benelux: +31 208 085136
North America: 1-302-498-8322