Petya Ransomware Attack – Windows Patch
Windows devices that are missing a critical Windows patch need to be patched immediately to protect against the current ransomware attack.
On June 27, 2017, the “Petya” ransomware strain began spreading widely, impacting a large number of organizations, particularly in Europe.
Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB). It has two layers of encryption: one that individually encrypts target files on the computer and another that encrypts NTFS structures. This approach prevents victims’ computers from being booted up in a live OS environment and prevents stored information or samples from being retrieved. Additionally, after the encryption process is complete, the ransomware has a specialized routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until a $300 ransom is paid.
If you have yet to install the Microsoft fix (MS17-010), you should do so immediately. Be extremely suspicious of all e-mails you receive, particularly those that ask the recipient to open attached documents or click on web links. You should also ensure that your backups are current.