Several cybersecurity firms and news outlets are reporting a new major cyberattack spreading across the globe. The attack, which is still developing and appears to have hit the UK first, is being described as a “global ransomware incident.” Some of the affected companies reportedly include British advertising firm WPP, Russian petroleum company Rosneft, and the National Bank of Ukraine. There have also been reports that multiple U.S. companies have been disrupted by the attack.
Initial reviews suggest the malware is another ransomware attack, coming shortly after the global WannaCry attack. This new intrusion may be exploiting vulnerabilities in Microsoft Windows to encrypt victims’ files. Once encrypted, the ransomware note has been demanding a $300-equivalent bitcoin payment. A preliminary review of the virus indicates it is PetrWrap, a strain of the Petya ransomware family, which can encrypt a network’s entire hard drive by overwriting the hard disk drive’s master boot record.
To help avoid becoming a victim, some preventative measures that can be taken immediately include:
- Ensure your network has updated security patches and is otherwise protected against PetrWrap, WannaCry and known system vulnerabilities.
- Frequently backup your data onto an isolated and segmented network.
- Remind your employees to practice caution before opening any document or email.
- Review your incident response plan and identify those decisions and considerations that are most relevant to ransomware events.
- Identify outside resources – legal counsel and forensics and public relations firms – that may be needed in the event that you are impacted by ransomware.
- Review applicable insurance policies and understand relevant terms.
The McGuireWoods Data Privacy and Security team will continue to monitor the attack as it develops and we stand ready to assist anyone affected by it. For more information, an in-depth ransomware response plan can be found here.