Security Advisory: Petya Based Ransomware

You may be aware that on June 27th 2017, a new strain of ransomware has been identified that has originated in Europe and is spreading rapidly across the globe.

What is it?

The ransomware in question is based on the previously detected Petya ransomware and is spreading via email, through fake invoices, job offers and other lures with an infected attachment that may be a zip, pdf or other common file type that initiates the infection.

The nature of this ransomware is very similar to the WannaCry outbreak last month in both attack vector and behaviour.

The virus essentially holds your files hostage and demands a ransom of $300 to $600 in bitcoin to be paid by a specified date. If it is not paid by that date the fee increases over time until it is paid or removed.

The virus works by exploiting vulnerabilities in un-patched Windows operating systems including Windows 7, 8, 10 and Windows Server platforms.
What to look for:

If you have been infected, you will see the following or similar displayed on your screen:

If you see this notice or something similar you should immediately contact answers IT so we can act as fast as possible to contain and remove the threat.

Top Tips

1) Do not open or respond to emails that look suspicious, unusual or from someone you don’t know that ask you to make an action such as provide personal information, credit card details or ask you to make a payment. If the email claims to be from a genuine company, but originated from a free web-based email service such as Gmail or Hotmail, it’s likely to be spam.
2) Do not open an attachment you weren’t expecting, especially if you don’t know the sender. Often malicious code masquerades as Word documents, PDF files or some other file type.
3) Just as you should not open attachments, do not click on a link in an email unless you are 100% sure it is safe to do so. It is easy to inject an infected hyperlink into the body of an email. If in doubt, delete (or check with the sender or our helpdesk).
4) Have an active Support Agreement with answers IT, which will provide you with proactive maintenance to minimise risks against ransomware attacks.

As an answers IT customer, are you protected?

Yes! In simple terms, this ransomware itself is similar to others that have been seen before. It’s the advanced delivery mechanism that is catching organisations off guard.

Managed Service Customers

If you are an Answers IT managed service customer, please take comfort in the fact that you are also covered by additional defences to decrease your risk of infection. We regularly scan for and apply patches to your systems that protect against these vulnerabilities.

If you have any questions, please do not hesitate to contact our support team on 07 3123 7929 or email us on support@answersit.com.au