Security alert petya ransomware attack
If you are on our maintenance plans, don’t worry we’ve got you protected. We keep your systems up to date with Windows and Sophos security to prevent this ransomware attack. If you are not under a maintenance contract with us, contact us today so we can ensure you get the protection you need.
A new strain of ransomware dubbed “Petya” is worming its way around the world with alarming speed. This malware spreads by exploiting a vulnerability in Microsoft Windows that Microsoft patched in March 2017 the same bug that the recent and prolific WannaCry ransomware strain used. Petya also spreads internally by breaking admin passwords and infecting other PCs on the network using remote admin tools. It can also move laterally by infecting network shares on other computers.
Customers using Sophos Endpoint Protection receive protection against all recent variants of this ransomware attack. We issued the first protection on June 27th at 13:50 UTC and have released several updates since then to guard against future variants. Additionally, customers using Sophos Intercept X received proactive protection from the moment this new ransomware variant appeared, with no data encrypted.
HERE’S WHAT WE URGE YOU TO DO RIGHT NOW:
Install the latest patches, including the one in Microsoft’s MS17-010 bulletin. (If you’re under a maintenance contract with us, we’ve already completed this.)
Block the Microsoft PS Exec tool from running on users’ computers. Petya uses a version of this tool to spread automatically. You can block it using a product like Sophos Endpoint Protection. (We’ve already done this for our maintenance clients.)
Back up your data regularly and store a recent copy off-site. A ransomware attack isn’t the only threat—fire, flood, theft, a dropped laptop, or accidental deletion can also cause data loss. Encrypt your backup to protect it from falling into the wrong hands.
Avoid opening attachments in emails from unknown senders, even if you work in HR or accounting and handle attachments frequently.
Download the free trial of Sophos Intercept X. For home (non-business) users, register for the free Sophos Home Premium Beta, which prevents a ransomware attack by blocking unauthorized encryption of files and disk sectors.
For more information on this ransomware attack and how to prevent future incidents, please refer to our additional resources.
Please forward this message to others in your company to raise awareness. These types of attacks can also affect home computers, so we recommend installing all Windows updates and using Sophos Home for personal PCs. (Note: Sophos Home is not intended for business use.)
