As you may have heard on the news, a new and prolific strain of ransomware has been unleashed on the world. TechSoft Systems is working hard to ensure that each of our customers is protected from this attack and we have taken steps to thwart it.
At approximately 9:00 AM the TechSoft Systems Malware Response Team was alerted by our industry partners that a new strain of a ransomware known as Petya had been taking over systems and networks in Europe. This particular strain of the Petya ransomware is using the ETERNALBLUE vulnerability, taken advantage of by the WannaCry ransomware last month.
At the time of writing, this ransomware attack seems to be targeted at European, specifically Ukrainian, Financial Services and Energy and Utility companies. In addition several US sectors also seems to be secondary targets of Petya. These sectors include US Seaports, Healthcare, and Retail companies.
Clients who have Managed Services or Managed Security Services have 100% coverage of the needed Microsoft Security patch on monitored devices.
Microsoft released a patch in March of 2017 to fix this vulnerability under Microsoft Security Bulletin, MS17-010. If you have yet to install the March 2017 Security Update for your Microsoft Windows system, we recommend that you do so immediately.
Here are some critical questions for your business or organization:
Do you have backup and disaster recovery systems in place?
A properly implemented backup and disaster recovery system is an effective mitigation tool for ransomware attacks.
Is all of your software up-to-date?
Implementing a automated patch management system or using a managed services provider (who manages patching services for you) can keep your systems from being vulnerable to many different types of malware and security issues.
Do you have anti-malware protection?
Having anti-malware software on your computer may NOT be enough to protect your entire network. Utilizing a multi-layered approach to anti-malware protection, including a next-generation firewall, spam and virus filtering on your email, and a proper training plan for your employees can help yours and your clients’ data security.