SMARTPAYROLL UPDATE @4.25pm (NZ) Wednesday 28 June 2017
SmartPayroll security teams have been actively monitoring this recent ransomware outbreak. The situation has been evolving throughout the day and we continue to discover further information.
Please find below an update on the global ransomware outbreak now known as “Petya”, and a variant known as “NotPetya”.
Advisory details (summary, to be updated as further information becomes available)
We’re continuing to learn more about this particular attack. We understand the initial attack vector could be either a phishing email with a malicious attachment or link, or a compromised software update for the accounting-based software MeDoc. If your organisation utilises MeDoc accounting software, please be extra vigilant and ensure all updates have been applied.
Ransomware attack information
The ransomware requires elevated privileges to propagate within a network;
The variant uses a modified EternalBlue exploit (also used by WannaCry), which is mitigated by patch MS17-010;
The EternalRomance exploit (remote code execution) used by this variant is also mitigated by patch MS17-010;
An attack can also be launched through a compromised update mechanism of the accounting-based software product MeDoc.
Actions that you should continue to take in your corporate environment
Ensure all Windows devices are patched to the latest releases and end users have up-to-date devices. This includes the recent Microsoft patch MS17-010;
Delete unexpected emails, especially any email that contains attachments, links, or attempts to solicit information;
Ensure Anti-Virus software is active and up to date;
Report any odd or suspicious behaviours – such as appearances of previously unseen programs or applications, or unexpected desktop behaviour – to your IT Support Team.
Please be assured that Datacom is continuing to monitor this threat and will issue further updates as required.