What has happened?
On June 28, 2017, a new variant of the Ransom.CryptXXX family was reported. It is currently being called Petya and looks to be based on an older 2016 ransomware of the same name. This ransomware began spreading widely, impacting a large number of organisations. As of 7:00 am, the infections are largely clustered in Ukraine, Russia, Poland, Italy and Germany. The infection is predicted to spread to a much wider area reasonably quickly.
What is the Petya ransomware?
Petya encrypts data files (rendering your data unusable) and asks users to pay a US$300 ransom in bitcoins. Petya additionally tries to spread across networks once on an infected machine. It does this by searching for passwords on infected machines and using them to try to talk to other machines on the network and install itself on them. This makes it much more dangerous than normal ransomware.
Are you protected?
Similar to the recent WannaCry outbreak, Petya exploits vulnerabilities within the Windows operating system. This means that as long as your workstation is up to date with its operating system patching, the risk is greatly diminished.
The I.T. team is confident that the vast majority of workstations under our care (i.e. within one of our formal IT support arrangements) are protected from this exploit; however, as a precaution we are currently double-checking all workstations and verifying that they are patched adequately for this vulnerability as advised by Microsoft.
Organisations with adequate backups can recover from an infection by reinstating files from backups, but this is a time-consuming exercise. By far the best cure is prevention.
What happens next?
For workstations which are managed by the I.T. team, as a protective measure you may be asked via automated message to reboot your machine, to allow essential patching to take place. It is strongly recommended that you do not delay this, and reboot immediately. This will allow the latest updates to take effect straight away and secure any vulnerabilities.
If you do not know whether your workstations are managed by the I.T. team, simply ask your I.T. team account manager and they will be able to verify this for you. If you do not currently have any formal IT management in place, but would like to explore the options, get in touch.
What else can you do?
Look out for suspicious or unsolicited email with unusual attachments or instructions. In particular, be wary of anything which has an attachment you are unsure of, or any email asking you to follow a link. All mail that has been placed in your Junk/Spam folder should be treated as highly suspect. If there is any doubt whatsoever regarding a suspicious email, do not open any associated attachments or follow any links.
If you are at all unsure, please call the I.T. team on 0800 488 326. A 5-minute verification check by our team is preferable to a company-wide attack which can take days to fix. At the same time, we can give you some useful tips on signs to look out for when encountering suspicious email.