Tuesday 27 June 2017

Urgent Advice for Latest Ransomware Attack Spreading Like Wannacry



Please be alerted that a new strain of ransomware is spreading fast based upon Petya which renders servers and machines useless. Comments on VirusTotal indicate the usage of the EternalBlue exploit but this has not yet been confirmed but is the likely entry point. The ransomware clears the windows event log using Wevtutil, writes a message to the raw disk partition and shuts down the machine.

According to the BBC, Kiev's main airport appears to have been among the victims which include Ukraine's central bank, Maersk, Danish shipping company, Mondelez and DLA Piper. 
Until further information is available we urge all our clients to:

1)   Test for back-ups today

2)   Make sure all patches have been deployed fully.  See below for the advice given by Microsoft in May regarding Wannacry and check that it has been implemented:


3)     If affected, users need to isolate and disconnect machines from the network and keep them   
        on.  They must not turn the power off.  

4)    Advise all users to be extra vigilant for phishing attacks. 

5)     Call ZeroDayLab if they have any further concerns.

As ever, you can contact us on the following numbers in the event you have any concerns:

UK: 0207 979 2067
Manchester: 0161 883 2660
Ireland: +353 153 14575
Benelux: +31 208 085136
North America: 1-302-498-8322

No comments:

Post a Comment