
- The company is still learning more about this ransomware but research suggests it is similar to WannaCry but much more sophisticated. It seems to be leveraging the same EternalBlue vulnerability in Microsoft Windows (which Microsoft issued a patch for back in March).
- Early research suggests this is a strain of the Petya ransomware which was seen last year but this is not entirely confirmed.
- As with WannaCry, there is no indication that paying the $300 in Bitcoin actually results in the infected machine being remedied. For any ransomware attack it is always recommended to not pay the ransom.
- The immediate action to help protect against this attack is to ensure all Windows machines on the network are patched with the MS17-010 patch. It is also recommended to have a robust backup and recovery mechanism in place.




