Global Ransomware attack update – NotPetya
We are aware of a RansomWare outbreak which has been taking place and have been carefully monitoring the situation.
It was thought that it was based on Petya, an earlier version of the Ransomware, but has been named “NotPetya” due to significant differences. Aside of the standard process of encrypting documents it is also understood to have a payload which steals usernames and passwords from the infected computer. It then attempts to spread itself through email and windows shares exploiting an unpatched vulnerabilities.
The precise affected versions of Windows isn’t yet known, but we’re told Windows 10’s Credentials Guard spots NotPetya’s password extraction from memory.
We advise clients to remain vigilant at all times and not to open suspicious email attachments and websites.
As we know more we will keep you posted.
5th September 2017
19th July 2017
15th May 2017