Today the DHS ICS-CERT published an alert for
the Petya malware variant. It includes a brief description of the action of the
worm with the information coming from a number of linked sources. As we saw
with the ICS-CERT WannaCry
alert, the alert provides links to vendor information about how the malware
may be dealt with in their affected systems. The vendors in this initial alert (I
expect to see a large number of updates as more vendor information becomes
available) include:
• Rockwell (account required for access).
It is interesting that the US-CERT’s Petya
announcement is not included in the Alert links. Nor are links from Drager,
Schneider,
and ABB;
all of which were discussed yesterday on LinkedIn and other outlets. There is no
really new important information in any of these documents: keep the Windows OS
updated and block ports 139/TCP and 445/TCP, all adequately mentioned in the
ICS-CERT alert.
One point not really mentioned in any of these: Petya is a
poster child for why you should not pay ransom. There are no guarantees that
you’ll get your files unlocked even if you pay the requested ransom.