A new ransomware variant is spreading quickly across the globe at the time of this writing. There is no consensus yet in the security research community, so the following information is provisional in nature:
Go to Wordfence for solutions and updates!
— Public Service Announcement
from the AMN IT Department
The ransomware has been dubbed “Petya.” It likely spreads by using two separate exploits. Your system can be infected without you clicking on anything or taking any action, because the ransomware can spread into it through the network. That is why it is having such a wide impact and why it is important that you update your system to protect yourself.
For the technically minded: This ransomware exploits a vulnerability in how Microsoft Office handles RTF documents (CVE-2017-0199). It also exploits a vulnerability in SMBv1, the Microsoft file-sharing protocol. This second vulnerability is described in Microsoft security bulletin MS17-010.
The ransomware has affected a large number of companies, organizations and government entities on an international scale. The following is a screenshot of the ransomware page you are confronted with once your files are encrypted:
Colin Hardy has provided a behavioral analysis of Petya, which includes a video demonstration of the malware in action:
Who This Has Affected So Far
A Ukrainian state power company and Kiev’s main airport were among the first to report issues.
The Chernobyl nuclear power plant has had to monitor radiation levels manually after they were forced to shut down the Windows systems that their sensors had been using.
Antonov aircraft has reported being affected.
Copenhagen-based shipping company Maersk is experiencing outages in multiple IT systems and across multiple business units.
Food giant Mondelez, which makes Oreo and Toblerone, has also been hit.
Netherlands-based shipping company TNT was also hit.
French construction company St. Gobain has been affected.
Pharmaceutical company Merck says they have systems affected.
Law firm DLA Piper was hit.
Heritage Valley Health System, a US hospital operator, has also been hit.
Kiev’s metro system has stopped accepting payment cards because they were affected.
The list is long and growing; the above is just a snapshot.