A new ransomware variant is spreading quickly across the globe at the time of this writing. There is no consensus yet in the security research community, so the following information is provisional in nature:

Go to Wordfence for solutions and updates!

— Public Service Announcement
from the AMN IT Department

More info:

The ransomware has been dubbed “Petya.” It likely spreads by using two separate exploits. A machine can be infected without you clicking on anything or taking any action, because the ransomware can spread into your system through the network. That is why it is having such a wide impact and why it is important that you update your system to protect yourself.

For the technically minded: This ransomware exploits a vulnerability in how Microsoft Office handles RTF documents (CVE-2017-0199). It also exploits a vulnerability in SMBv1, which is the Microsoft file-sharing protocol. This second vulnerability is described in Microsoft security bulletin MS17-010.

The ransomware has affected a large number of companies, organizations and government entities on an international scale. The following is a screenshot of the ransomware page you are confronted with once your files are encrypted:

Colin Hardy has provided a behavioral analysis of Petya, which includes a video demonstration of the malware in action:

Who This Has Affected So Far

  • A Ukrainian state power company and Kiev’s main airport were among the first to report issues.
  • The Chernobyl nuclear power plant has had to monitor radiation levels manually after they were forced to shut down the Windows systems that their sensors had been using.
  • Antonov aircraft has reported being affected.
  • Copenhagen-based shipping company Maersk is experiencing outages in multiple IT systems and across multiple business units.
  • Food giant Mondelez, which makes Oreo and Toblerone, has also been hit.
  • Netherlands-based shipping company TNT was also hit.
  • French construction company Saint-Gobain has been affected.
  • Pharmaceutical company Merck says they have systems affected.
  • Law firm DLA Piper was hit.
  • Heritage Valley Health System, a US hospital operator, has also been hit.
  • Kiev’s metro system has stopped accepting payment cards because they were affected.

The list is long and growing; the above is just a snapshot.

