A new variant of the WannaCry cryptovirus known as Petya, Petwrap or Goldeneye is rapidly spreading (see this BBC article). Like the original WannaCry outbreak, Europe and Russia seem hardest hit currently but this virus will likely move across the Atlantic quickly. Petya/Petwrap/Goldeneye is a very dangerous virus. As news of this cyberattack continues to evolve, what we know thus far is:
- The primary initial vector appears to be infected email. This virus retains the broadcasting abilities of the original WannaCry, so once the index machine is infected, it will quickly spread to unpatched systems.
- The virus infects the Master Boot Record of infected machines and prevents the system from booting without decryption.
Remediation
- The vulnerabilities exploited by the virus are patched with MS17-010 and the April 2017 Patch Tuesday MS Office roll-up (CVE-2017-0199). We strongly recommend both of those patches.
- We strongly recommend disabling SMBv1 on all systems.
- We recommend keeping offline backups to remediation in the event of an infection.
- We recommend keeping end users informed and vigilant against unsolicited email.
Be sure to check back to this page as we will update as more information becomes available.
The Fortified team is ready to address all of your healthcare cybersecurity concerns. Please immediately contact us if you fear that Petya/Petwrap/Goldeneye has impacted you or that you may be vulnerable to an attack.