A major cyber attack affecting all Windows servers, PCs and laptops has affected many multinational organizations across Europe, which some researchers have identified as an updated variant of Petya ransomware.
Symantec and others have confirmed this ransomware is using the same exploit leveraged by last month’s WannaCry attack. The exploit in question, EternalBlue, was leaked by the Shadow Brokers back in April, and is believed to have been developed by the NSA. This attack is focused on the Master Boot Record (MBR) of the infected system, however based on current information, this is the same exploit many of you have been protected against since last month’s WannaCry fire drill.
If you manage your company’s patching, we recommend doing the following immediately:
- Apply security updates in MS17-010
- Block inbound connections on TCP Port 445
- Create and maintain regular back-ups so if an infection occurs, you can restore your data
We’ve got you covered.