Just this morning, a deadly new strain of ransomware called Petya has been spotted in the wild — and is growing rapidly.  According to ABC News, there have been reports of Petya striking government systems and telecommunications providers throughout Europe.  There are also unconfirmed reports that systems in North America may be impacted as well.

Containment and Response:

  1. Immediately disconnect as many computers, servers, backups, USB thumbdrives, external hard drives, laptops, WiFi and any other means of data communication as quickly as possible.
  2. Implement firewall rules that block inbound and outbound TCP and UDP traffic on ports 137,138,139,445, and 3389 at all levels.
  3. Begin patching systems as soon as possible.  The recommended patches are as follows:
  • Windows Server 2008 (all editions) – KB4012598
  • Windows Server 2008 R2 – KB4012212 (security only) or KB4012215 (monthly rollup)
  • Windows 7 – KB4012212 (security only) or KB4012215 (monthly rollup)
  • Windows 10 (all editions) – KB4012606 or KB4013198 or KB4013429
  • Windows Server 2012: KB4012214 (security only) or KB4012217 (monthly rollup)
  • Windows Server 2012 R2: KB4012213 (security only) or KB4012216 (monthly rollup)

Net Force will be available to respond to all requests for cybersecurity consulting and advisory during any cybersecurity or ransomware attack.