Another global ransomware attack – Petya

Posted by Ian Hight on Jun 28, 2017 2:11:43 PM

Barely a month after the WannaCry ransomware virus made its presence felt around the world, today we learn of a new ransomware campaign known as Petya. This new virus is affecting computer networks using Microsoft Windows. It was first seen affecting systems in Ukraine, but has quickly spread across other computer networks in Europe and further afield. In an advisory issued at 9:30 am this morning, New Zealand’s government cyber safety Computer Emergency Response Team (CERT NZ) stated that they had no reports of Petya ransomware affecting New Zealanders.

The cyber attack is believed to be a form of ransomware, which CERT NZ describes as malicious software that shuts down computers and demands a ransom to be paid for them to be unlocked. Some international businesses that have offices in New Zealand are reported to have been impacted overseas. They include law firm DLA Piper, advertising firm WPP and shipping giant Moller-Maersk.

To help prevent an attack, it’s critical to ensure that all systems in a network are patched. Petya gets into unpatched versions of Windows systems (XP through 2008 R2) by exploiting a vulnerability in Microsoft's Windows SMB server. If Petya enters a network through an unpatched system, it will be able to spread to any other trusted systems in the same network, even if they have been patched.

The vulnerability exploited by Petya is known as EternalBlue. Microsoft released a patch for EternalBlue, called MS17-010, in March this year. The ransomware encrypts not only the file system on affected computers but also the Master Boot Record (MBR) in environments where the malware is able to do so.
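The point made above, that one unpatched system exposes the patched systems that trust it, can be checked against an asset inventory. The following is an added example, not part of the original post: the host names, the `ms17_010` field and the trust links are constructed sample data, and modelling "trust" as a directed link between hosts is an assumption.

```python
from collections import deque

# Constructed sample data: host names, fields and trust links are hypothetical.
INVENTORY = {
    "ws-legacy01": {"os": "Windows XP", "ms17_010": False},
    "fs-01":       {"os": "Windows Server 2008 R2", "ms17_010": True},
    "dc-01":       {"os": "Windows Server 2008 R2", "ms17_010": True},
    "ws-101":      {"os": "Windows 7", "ms17_010": True},
    "kiosk-07":    {"os": "Windows 7", "ms17_010": True},
}
# TRUSTS[a] lists hosts that trust a (assumed model: shared admin
# credentials, file shares or management sessions originating from a).
TRUSTS = {
    "ws-legacy01": ["fs-01"],
    "fs-01": ["dc-01", "ws-101"],
    "dc-01": ["ws-101"],
}

def entry_points(inventory):
    """Hosts still missing MS17-010, i.e. where the SMB flaw is open."""
    return sorted(h for h, info in inventory.items() if not info["ms17_010"])

def exposure_paths(inventory, trusts):
    """Breadth-first search from every unpatched host along trust links.
    Returns {host: shortest chain of hosts from an entry point to it}."""
    paths = {h: [h] for h in entry_points(inventory)}
    queue = deque(paths)
    while queue:
        current = queue.popleft()
        for peer in trusts.get(current, []):
            if peer in inventory and peer not in paths:
                paths[peer] = paths[current] + [peer]
                queue.append(peer)
    return paths

def triage(inventory, trusts):
    """Split the inventory into remediation buckets."""
    paths = exposure_paths(inventory, trusts)
    return {
        "patch_now": entry_points(inventory),
        "exposed_despite_patch": sorted(
            h for h in paths if inventory[h]["ms17_010"]),
        "not_reachable": sorted(h for h in inventory if h not in paths),
    }

if __name__ == "__main__":
    for bucket, hosts in triage(INVENTORY, TRUSTS).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
    for host, chain in exposure_paths(INVENTORY, TRUSTS).items():
        print(f"{host}: {' -> '.join(chain)}")
```

In the sample data, patching `ws-legacy01` empties both the `patch_now` and `exposed_despite_patch` buckets, which is why the unpatched machine is the priority even when most of the network is up to date.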

If you would like any assistance to deal with the Petya threat, please contact our support desk.