As you may or may not have heard in the news, there is a new ransomware outbreak running primarily through Europe. This one is called Petya, and is fairly similar to WannaCry. It spreads through the same vulnerabilities in Windows that WannaCry used. The initial attack vector appears to have been an infected Excel document.
Everything we did (and do) to protect our customers from WannaCry will help block this threat. All machines have been patched to remove the Microsoft vulnerability, our antivirus signatures will detect it, and our FortiGate firewalls will stop it as well. Other than the usual best practices (don’t open suspicious attachments, don’t click on suspect links), there is nothing our customers need to do.
Tech Detail: While this is a worm variant of ransomware like WannaCry, it doesn’t just encrypt the likely ‘important’ files on the computer. It also encrypts the master boot record, and reboots the system every hour, making for a partial denial-of-service issue as well.
For “casual” reading: