Yet another massive ransomware attack, called NotPetya (or Goldeneye), was launched this week. It spreads using some of the same techniques as the WannaCry ransomware. We anticipate that this will become an increasing trend in 2017. Last month, we sent a similar notice to call attention to the urgency of the issue, provide Windows Update instructions, and offer additional helpful information for ongoing protection. As a courtesy, we have included the same information again below.
Like the WannaCry ransomware attack, this attack is unique in the way it spreads. Initially, the virus typically infects a system through an email attachment or website link. Once a single user is infected, the ransomware virus attempts to spread throughout the local network like a worm by scanning for and exploiting unpatched security holes in the Windows operating system on other systems. The specific security holes exploited are among those that came to light after the recent high-profile NSA hack. Unlike before, the virus may also attempt to spread throughout the network by harvesting administrative credentials from processes running in memory on the same system and using them to issue network management commands via WMI or PsExec to other systems.
Microsoft released a patch in March for supported operating systems that resolves some of the security holes used to push the infection over the network. Supported operating systems that are fully patched with the latest Microsoft updates are not vulnerable to these security holes. These include Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8.1, Windows Server 2012, Windows 10, Windows Server 2012 R2, and Windows Server 2016. Breaking with tradition, Microsoft has also released patches for long-unsupported operating systems to help protect users, including Windows XP, Windows 8 (not upgraded to 8.1), and Windows Server 2003.
For anyone whose workstations are not covered under a monthly IT management agreement with us, action is required on your part to ensure that your systems are fully patched. In the Control Panel under Windows Update (Windows XP through 8.1) or Start Menu Settings under Update & Security (Windows 10), download and install all available updates as soon as possible for all Windows-based systems. As a reminder, a reboot is usually required to complete the update process; a prompt will indicate when one is needed. You may need to repeat this process more than once until there are no more updates listed. Once all updates have been installed, your system will be fully patched. Additionally, you should make sure that all systems are protected with paid security software, as most free products lack critical protections necessary to detect ransomware.
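To confirm that the update-and-reboot cycle described above has actually finished on a machine, the following read-only check can be run from an elevated PowerShell prompt. It is an added example, not part of the original notice, and it assumes PowerShell 3.0 or later and a machine that can reach Windows Update (or your WSUS server).

```powershell
# Added example: audit one Windows machine's patch state (read-only; installs nothing).

# 1. Ask the Windows Update Agent which updates are still missing.
$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
try {
    $result = $searcher.Search("IsInstalled=0 and IsHidden=0 and Type='Software'")
} catch {
    Write-Warning "Update search failed: $($_.Exception.Message)"
    return
}

$missing = @(foreach ($u in $result.Updates) {
    [pscustomobject]@{
        KB       = ($u.KBArticleIDs | ForEach-Object { "KB$_" }) -join ','
        Severity = if ($u.MsrcSeverity) { $u.MsrcSeverity } else { 'Unrated' }
        Title    = $u.Title
    }
})

# 2. Installed patches are not active until an outstanding reboot has happened.
$rebootPending = (New-Object -ComObject Microsoft.Update.SystemInfo).RebootRequired

# 3. Most recent hotfix on record, as a rough indicator of how stale the system is.
$lastHotfix = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1

# Report
"Computer        : $env:COMPUTERNAME"
"Missing updates : $($missing.Count)"
"Reboot pending  : $rebootPending"
"Last hotfix     : $($lastHotfix.HotFixID) on $($lastHotfix.InstalledOn)"
$missing | Sort-Object Severity | Format-Table -AutoSize -Wrap

if ($missing.Count -eq 0 -and -not $rebootPending) {
    'Fully patched: nothing left to install and no reboot outstanding.'
} else {
    'Not fully patched: install the updates above, reboot, then run this check again.'
}
```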
Keep in mind that an unpatched security hole is only one of the ways this particular virus spreads. With any malware it is still possible to contract an infection by opening virus attachments in an email or visiting an infected website. We would like to take this opportunity to remind you to exercise caution when opening any emails with attachments or website links – especially if the email was unexpected. It is a best practice to be skeptical of any email containing attachments or website links regardless of sender. Always take care to vet the authenticity of the email before opening the attachment or clicking on any links. It is easy for an attacker to spoof (or “fake”) the sender address of an email in an effort to have you open it. Other times attackers use generic wording to accomplish the same task referencing a voicemail, package delivery, fax, IRS correspondence, or wire transfer. When in doubt, contact the sender by phone or by sending a new separate email (do not use the reply option) to confirm the original message is legitimate.
Protecting against this type of attack on an ongoing basis, or successfully mitigating the impact of an infection, requires the following key IT systems to be in place:
Security patch management for Windows and third-party programs like Adobe, Java, Flash, Chrome, Firefox, etc.
Enterprise-grade endpoint security software (e.g., anti-virus, anti-malware, anti-ransomware, etc.)
Email security and spam filtering
Air-gapped backups that support multiple restore points or file versioning
We offer a variety of monthly services that proactively address all of these components and take the guesswork out of protecting your systems. Please contact us for more information or with any questions.