Petya Ransomware Alert

Just over a month after the huge WannaCry ransomware outbreak, a new variant called “Petya” has infected thousands of computers in the last 24 hours. These infections began in Ukraine, France, the UK, and Denmark but are now spreading globally, including to the US. The initial infections have been observed occurring in two ways: through email phishing, which tricks users into downloading malicious RTF or XLSX files that exploit a known ‘SMBv1’ Microsoft vulnerability, or by exploiting a hole in a Ukrainian tax accounting program called MeDoc. The difference from WannaCry is that once Petya infects one vulnerable system, it can spread laterally to other systems on your network, even if they are fully patched. So it’s critical to prevent the initial infection.

If you or a co-worker accidentally open one of these phishing email attachments, you might infect not only your own workstation, but immediately everyone else’s computer too. Be very careful when you get an email with an attachment you did not ask for. If the attachment contains a .zip file, do not click on it; delete the whole email. Remember: “When in doubt, throw it out!”

Microsoft released security bulletin MS17-010 on March 14, along with patches fixing this flaw. Only unpatched machines are vulnerable to the initial Petya ransomware infection. For current Appalachia ATManage (Managed Services) customers, we have already applied the Microsoft patches, so you are protected.

In addition, Appalachia ATProtect (Managed Security Services) customers have been proactively monitored for this attack since April 18th.  ATProtect customers may also take advantage of regular vulnerability scanning, identifying any vulnerable Windows systems. 

Lastly, ensure that your critical systems and data are backed up and ready to restore.  These backups should be kept offline or ‘air-gapped’. 

If you’re interested in understanding more about Appalachia’s managed services and how we can help protect your environment, contact us at: