How can you and your company protect yourself?
- Make sure you keep servers and PCs fully patched. PCs are often neglected or unmonitored because people assume auto-patching has worked. Don’t use Windows XP!
- Keep up your Defense in Depth with your IT: don’t rely on a single layer of security. Leverage “good” anti-virus, firewalls, deep packet inspection on those firewalls, etc.
- Have your IT department check your Internet-of-Things (IoT) devices, such as network printers, security cameras and wireless access points, for the latest updates and proper configuration.
Not only was Europe affected yesterday, but many US companies continue to be impacted by the latest cyber attack. The latest is named Petya. In the US, companies like Merck & Co. and the L.A. Port Terminal have reportedly been affected.
Petya is a nasty piece of malware that, unlike traditional ransomware, does not encrypt files on a targeted system one by one. Instead, Petya reboots victims’ computers, encrypts the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk.
How Did Petya Get into the Computers in the First Place?
According to research conducted by Talos Intelligence, little-known Ukrainian firm MeDoc is likely the primary source of yesterday’s global ransomware outbreak.
Researchers said the virus has possibly been spread through a malicious software update to a Ukrainian tax accounting system called MeDoc, though MeDoc has denied the allegations in a lengthy Facebook post.