Alert - Guidance Concerning "Petya Ransomware
This alert is to provide you with guidance
concerning the ransomware issue being discussed broadly in the press starting
on Tuesday, June 27, 2017, and causing a large volume of customer
inquiries. This ransomware is being
described by the press and security researchers as “Petya Ransomware.”
Microsoft’s
antivirus software detects and protects against this ransomware. Our initial
analysis found that the ransomware uses multiple techniques to spread, including
two which were addressed by a security update (MS17-010) previously provided
for all platforms from Windows XP to Windows 10.
Malware Detection
Windows Defender, System
Center Endpoint Protection, and Forefront Endpoint Protection detect this
threat family as Ransom:Win32/Petya.
Ensure you have a definition version equal to or later than:
·
Threat definition version: 1.247.197.0
·
Version created on: 12:04:25 PM : Tuesday, June 27 2017
·
Last Update: 12:04:25 PM : Tuesday, June 27 2017
In addition, the free Microsoft Safety Scanner http://www.microsoft.com/security/scanner/
is designed to detect this threat as well as many others.
Those with a solution from an antivirus provider other than
Microsoft should check with that company.
Three specific steps
customers can take to mitigate against new ransomware:
1.
Ensure you have the
latest security updates installed
2.
Ensure you have the
latest AV Signatures from your preferred AV vendor
3.
Do not open
email/attachments from unknown/untrusted sources
·
The Microsoft Security
Update Guide: http://aka.ms/securityupdateguide