June 28
NotPetya Ransomware

You may have heard about the recent ransomware attacks affecting Ukraine and other parts of the world.  This new variant of ransomware is being referred to in the media as "NotPetya" due to its resemblance to another variant.  This malware uses multiple tools to spread through a network, infecting machines and extracting administrator credentials from memory.  It is extremely destructive and has already shown that it can disrupt massive businesses worldwide.

The Cybersecurity team is doing everything possible to block this malware and to monitor for potential infections.  However, we are asking everyone to please ensure that all Microsoft systems are updated to their highest patch level.  Sophos has also been updated to prevent infection from this variant, but they have specified that, in order to catch it before it can do damage, the "LiveProtection" feature must be turned on.  There are also reports that creating a read-only file named C:\Windows\perfc.dat can prevent the malware from encrypting data, but this does not prevent the spread of this worm.
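
For administrators who want to place the read-only file mentioned above, the following PowerShell is an added example, not a script issued by the Cybersecurity team. The function name Set-PerfcMarker is hypothetical, and it assumes an elevated prompt on the local machine. Because the reported effect is limited to encryption, patching and Sophos protection are still required.

```powershell
# Added example: create the read-only marker file named in the advisory.
# Assumption: run from an elevated prompt; writing to C:\Windows needs admin rights.
# Set-PerfcMarker is a hypothetical name chosen for this example.
function Set-PerfcMarker {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Path taken from the advisory text.
        [string]$Path = 'C:\Windows\perfc.dat'
    )

    $created = $false

    # Create an empty file only if nothing is there yet (safe to re-run).
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        if ($PSCmdlet.ShouldProcess($Path, 'Create empty marker file')) {
            New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
            $created = $true
        }
    }

    # Set the read-only attribute, then report the state actually on disk.
    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        $item = Get-Item -LiteralPath $Path -Force
        if (-not $item.IsReadOnly -and
            $PSCmdlet.ShouldProcess($Path, 'Set read-only attribute')) {
            $item.IsReadOnly = $true
        }
        $item.Refresh()

        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Path     = $item.FullName
            Created  = $created
            ReadOnly = $item.IsReadOnly
        }
    }
}

# Preview with: Set-PerfcMarker -WhatIf
Set-PerfcMarker
```

The returned object shows whether the file was newly created and whether the read-only attribute is set, so the output can be collected as a record of which machines have the file in place.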

If you see any machine displaying the following information, power off the machine immediately and contact the Cybersecurity Team:

notpetya.jpg

Thank you for your help and cooperation in fighting this new malware outbreak.  Please do not hesitate to contact Bill Miaoulis or Daniel Newton with any questions.  If you would like to read more about this malware, visit:  https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/.
