Alert - Guidance Concerning "Petya Ransomware

Alert - Guidance Concerning "Petya Ransomware

This alert is to provide you with guidance concerning the ransomware issue being discussed broadly in the press starting on Tuesday, June 27, 2017, and causing a large volume of customer inquiries.  This ransomware is being described by the press and security researchers as “Petya Ransomware.”

Overview

Microsoft’s antivirus software detects and protects against this ransomware. Our initial analysis found that the ransomware uses multiple techniques to spread, including two which were addressed by a security update (MS17-010) previously provided for all platforms from Windows XP to Windows 10.

  

Malware Detection

Windows Defender, System Center Endpoint Protection, and Forefront Endpoint Protection detect this threat family as Ransom:Win32/Petya. Ensure you have a definition version equal to or later than:

·        Threat definition version: 1.247.197.0

·        Version created on: 12:04:25 PM : Tuesday, June 27 2017

·        Last Update: 12:04:25 PM : Tuesday, June 27 2017

In addition, the free Microsoft Safety Scanner http://www.microsoft.com/security/scanner/ is designed to detect this threat as well as many others.

Those with a solution from an antivirus provider other than Microsoft should check with that company.

Recommendations

Three specific steps customers can take to mitigate against new ransomware: 

1.      Ensure you have the latest security updates installed

2.      Ensure you have the latest AV Signatures from your preferred AV vendor

3.      Do not open email/attachments from unknown/untrusted sources

Additional Resources

·        The Microsoft Security Tech Center: https://technet.microsoft.com/en-us/security/default

·        The Microsoft Security Update Guide: http://aka.ms/securityupdateguide