【Attack Alert】Petya ransomware activity has been frequent recently. Please update your operating system, Office applications and anti-virus software immediately, and pay additional attention to routine data backups.

Many countries around the world reported attacks by the Petya ransomware on the evening of June 27, 2017. The most severely affected areas are Ukraine, Russia, and Eastern Europe. The attackers mainly use social engineering emails to induce users to open attachments, which exploit an Office RTF vulnerability (CVE-2017-0199) to execute malicious code and gain control of the system. The malware then spreads internally by combining the Microsoft MS17-010 vulnerability with the Windows remote management commands PsExec or WMIC (Windows Management Instrumentation Command-line). The Master Boot Record (MBR) and Master File Table (MFT) of the infected host are encrypted, making the operating system inaccessible. Only a ransom message is shown on the computer screen.
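One way a defender could look for the PsExec/WMIC internal spread described above in process-creation logs. This is an added example, not part of the original advisory; the log format, host names, addresses, rule names and the fan-out threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in an assumed "source host|command line" format.
# These are illustrative values, not real telemetry or indicators.
SAMPLE_EVENTS = [
    r"WS-014|C:\Windows\System32\notepad.exe C:\Users\a\notes.txt",
    r"WS-014|C:\Windows\System32\wbem\wmic.exe /node:10.0.0.23 /user:corp\admin process call create example.exe",
    r"WS-014|C:\Tools\PsExec.exe \\10.0.0.24 -accepteula -s example.exe",
    r"WS-014|wmic /node:10.0.0.25 process call create example.exe",
    r"WS-031|wmic os get caption",
    r"WS-031|psexec64.exe \\FS-01 -s example.exe",
]

# Each rule captures the remote target in group 1.
RULES = [
    # WMIC pointed at another machine and asked to start a process there.
    ("wmic-remote-exec",
     re.compile(r'\bwmic(?:\.exe)?\b.*?/node:\s*"?([^\s"]+).*\bprocess\s+call\s+create\b', re.I)),
    # PsExec invoked with a \\host target.
    ("psexec-remote-exec",
     re.compile(r'\bpsexec(?:64)?(?:\.exe)?\b\s+\\\\([^\s\\]+)', re.I)),
]

def detect(events):
    """Return (source, rule, target) for every record that matches a rule."""
    hits = []
    for record in events:
        source, _, cmdline = record.partition("|")
        for name, pattern in RULES:
            match = pattern.search(cmdline)
            if match:
                hits.append((source, name, match.group(1).lower()))
    return hits

def fan_out(hits, threshold=3):
    """Sources that reached at least `threshold` distinct remote targets.
    One host launching remote execution on many peers is the worm-like pattern."""
    targets = defaultdict(set)
    for source, _, target in hits:
        targets[source].add(target)
    return {s: sorted(t) for s, t in targets.items() if len(t) >= threshold}

if __name__ == "__main__":
    found = detect(SAMPLE_EVENTS)
    for source, rule, target in found:
        print(f"{source}: {rule} -> {target}")
    print("fan-out:", fan_out(found))
```

Legitimate administration also uses PsExec and WMIC, so the fan-out count per source host is what separates routine use from rapid internal spread.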

Affected Platforms:
  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8.1
  • Windows RT 8.1
  • Windows 10
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

Recommended Countermeasures:

1. Keep the computer's operating system, Office applications, and anti-virus software updated to the latest version. The patches for the operating system vulnerability and the Office application vulnerability exploited by the Petya ransomware were released in March and April respectively. Please update from the official Microsoft website:
   (1) MS17-010: https://technet.microsoft.com/zh-tw/library/security/ms17-010.aspx. For operating systems that have exceeded their maintenance cycle, such as XP/Server 2003, download the update from: https://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598
   (2) CVE-2017-0199: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
2. Update the virus patterns of the computer's anti-virus software.
3. Operating system login passwords should follow complexity requirements and be changed periodically.
4. Regularly back up the files on the computer and rehearse the data recovery procedure.
5. Avoid opening unsolicited emails, including their attachments and links.
