Security Alert: Petya Ransomware Attack

First of all, if you are on our maintenance plans, don’t worry, we’ve got you protected. Your systems are up to date with Windows and Sophos security that prevent this type of attack. If you are not under a maintenance contract with us, please contact us today and we can make sure you get the protection you need.

A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. The malware is spreading using a vulnerability in Microsoft Windows that the software giant patched in March 2017 — the same bug that was exploited by the recent and prolific WannaCry ransomware strain. Petya also attempts to spread internally by breaking admin passwords and infecting other PCs on the network using remote admin tools. It can also spread internally by infecting network shares on other computers.

Customers using Sophos Endpoint Protection are protected against all the recent variants of this ransomware. We first issued protection on June 27th at 13:50 UTC and have provided several updates since then to further protect against possible future variants. In addition, customers using Sophos Intercept X were proactively protected with no data encrypted from the moment this new ransomware variant appeared.

Here’s what we urge you to do right now:

  • Ensure systems have the latest patches, including the one in Microsoft’s MS17-010 bulletin. (If under a maintenance contract with us, this has been completed.)
  • Consider blocking the Microsoft PsExec tool from running on users’ computers. A version of this tool is used as part of another technique used by Petya to spread automatically. You can block it using a product such as Sophos Endpoint Protection. (If under a maintenance contract with us, this has been completed.)
  • Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
  • Avoid opening attachments in emails from recipients you don’t know, even if you work in HR or accounts and you use attachments a lot in your job.
  • Download the free trial of Sophos Intercept X and, for home (non-business) users, register for the free Sophos Home Premium Beta, which prevents ransomware by blocking the unauthorized encryption of files and sectors on your hard disk.

For more information on this ransomware and ways to help prevent attacks, please see more information here:

Please forward this to others within your company to ensure they are aware of the risks. These type of attacks can also affect home computers, so we want to make sure they are protected as well. We do recommend making sure all Windows updates are installed on home PC’s and using Sophos Home ( for those PC’s. Please note that Sophos Home is NOT recommended for business PC’s.