Throughout the afternoon we have been monitoring a developing global situation with a new version of the highly publicised WannaCry attack. This major attack has struck both in the USA and Europe and is the second such attack in as many months, causing serious disruption at major organisations in many countries.
It appears to be a new variant of an old, particularly vicious version of ransomware, with some data-stealing tools also built in. This strain is known as Petya. Affected systems are non-recoverable, and data and systems that are not backed up are being lost.
The information is emerging in pieces, as would be expected, and as each hour passes more information is being gathered and shared. At this point we believe that recent patching against WannaCry closes the door on this variant; however, extreme caution is advised for all users.
Many are concerned about protecting themselves from ransomware at this stage. DNA IT Solutions would advise accordingly:
- Do not open mails with suspicious attachments or with PDF or other documents that you were not expecting. The usual vector to start these infections is via email and a link asking you for more information and for usernames and passwords.
- These links usually direct to an official-looking site (UPS, FedEx, Netflix, PayPal) and look for usernames and passwords.
- Do not browse any non-work-related websites. Infections have been known to come via “malvertising” on pages where a link to an ad is actually opening a backdoor to allow rogue software to enter a system.
- XP PCs and laptops and Windows 2003 servers are particularly vulnerable, so please be extra vigilant if using these operating systems.
- If you question whether a mail is genuine, then it is a risk, so the advice is not to open it.
- If you observe any suspicious activity, please shut down the affected system and contact your managed IT service provider immediately.
DNA IT Solutions work with Sophos to provide the best security for IT infrastructures we can. Broader information on the Sophos approach and guidelines is available here