Friday, June 30, 2017

ICS-CERT Publishes Petya Alert

Today the DHS ICS-CERT published an alert for the Petya malware variant. It includes a brief description of the action of the worm, with the information coming from a number of linked sources. As we saw with the ICS-CERT WannaCry alert, the alert provides links to vendor information about how the malware may be dealt with in their affected systems. The vendors in this initial list (I expect to see a large number of updates as more vendor information becomes available) include:

• Rockwell (account required for access).

It is interesting that the US-CERT’s Petya announcement is not included in the Alert links. Nor are links from Drager, Schneider, and ABB, all of which were discussed yesterday on LinkedIn and other outlets. There is no really new important information in any of these documents; keep Windows OS updated and block ports 139/TCP and 445/TCP, all of which is adequately mentioned in the ICS-CERT alert.

One point not really mentioned in any of these: Petya is a poster child for why you should not pay ransom. There are no guarantees that you’ll get your files unlocked even if you pay the requested ransom.

