Imagine arriving to this at work...
Employees at a sizable law firm were greeted with a low-tech message from the IT ops team during remediation efforts to combat the effects of the latest cyber threat.
Other companies such as A.P. Moller-Maersk (Danish shipping company) and Merck (US pharmaceutical company) have reported infections.
On 6/27/2017 a strain of malware currently called "Petya" (we latter heard that it wasn't actually the previously seen Petya strain but similar, now called Petna or NotPetya) began to make a widespread presence around the world, spreading in a similar way to the "WannaCry" strain that we saw around a month ago by leveraging an exploit in the SMB protocol.
The difference here is that this strain, once installed, overwrites the Master Boot Record and subsequently reboots your PC to complete the encryption process. If you wind up with it you're likely to see a screen like this on your computer:
The problem only gets worse because the email associated with the ransom payment process, which by the way is in Bitcoin (What is bitcoin?), has reportedly been shut down so what started out as Ransomeware (your files get encrypted, you pay money, you get decryption key) is simply network napalm.
What should I do?
- Report anything suspicious to the IT Department via a Support Request or phone call.
- Finish your Security Awareness Training if you have not already done so.
- Stop and think before you click on any link or open any attachment in an email.
- Make sure that your Windows computer is patched to date. At least one of the exploits that this strain uses has been patched by Microsoft earlier this year. Run Windows Updates!
- Make sure that you have a backup of your data. If your critical data is encrypted there's a good chance that you won't recover from this one.
- Get your family and friends security trained with the KnowBe4 FREE home course which is available to Schuster employees and their families.