
Updated 6/28: New Ransomware Outbreak

June 27th, 2017

It has come to our attention that a new wave of ransomware outbreaks has struck thousands of companies throughout Europe, Asia, and parts of the United States.  CIS is monitoring the situation and will be providing ongoing updates to clients who may be impacted.  As always, caution and diligence are the best answers in a situation like this.  Further information for remediation and protection will be provided as new details emerge.

The malicious code is still under analysis by security and cybercrime experts around the world.  Roughly two thousand companies have reported infection, including giant enterprises such as Merck and Maersk, as well as critical government and private infrastructure in areas like power, healthcare, and emergency response.  The target list also appears to include numerous small and medium-sized organizations, such as law firms and accounting firms.  Much like the recent “WannaCry” outbreak, the attack encrypts company data and demands a ransom to unlock it; in this case, $300 in bitcoin is the common demand.

As with any ongoing investigation, there have been numerous conflicting reports about the malware itself.  At this time, we can report the following recommendations with confidence:

  • The malware demands a $300 ransom, paid in Bitcoin, to remove the encryption that prevents users from accessing their devices.  This ransom should NOT be paid under any circumstances.  Communication with the email addresses provided in the ransom demand has been shut down, so there will be no recourse to recover data after paying.
  • Most major anti-malware installations [McAfee, Norton] already have signatures to block the malware, so keeping them updated can prevent this.
  • Creating a file called “perfc” with no extension in the C:\Windows directory prevents the malware from encrypting files.
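
One way to roll out the “perfc” file from the last item above on a Windows machine, as an added PowerShell example that is not CIS's own tooling. The function name `Set-PerfcMarker`, its `-Directory` parameter, and the read-only attribute are assumptions that do not come from this advisory.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotently create the "perfc" file described in the advisory.
# Writing to C:\Windows needs an elevated session.

function Set-PerfcMarker {
    [CmdletBinding()]
    param(
        # Hypothetical parameter; defaults to the Windows directory
        # (C:\Windows on a standard install).
        [string]$Directory = $env:SystemRoot
    )

    # File name with no extension, as the advisory specifies.
    $path = Join-Path -Path $Directory -ChildPath 'perfc'

    if (Test-Path -LiteralPath $path -PathType Container) {
        # A folder named "perfc" is not the file the advisory describes.
        throw "'$path' exists but is a directory; resolve manually."
    }

    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $action = 'AlreadyPresent'      # safe to re-run, e.g. from a startup script
    } else {
        New-Item -Path $path -ItemType File -ErrorAction Stop | Out-Null
        $action = 'Created'
    }

    # Assumption (not stated in this advisory): mark the file read-only so it
    # is not casually modified or overwritten.
    Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true -ErrorAction Stop

    # Return a record that can be collected centrally to confirm coverage.
    $item = Get-Item -LiteralPath $path -Force
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Path         = $item.FullName
        Action       = $action
        ReadOnly     = $item.IsReadOnly
    }
}

Set-PerfcMarker
```

The returned object can be exported per machine to confirm which hosts already have the file in place.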

CIS advises clients to be diligent about rolling out any critical patches and updates released by Microsoft or other key vendors.  End-user education is also increasingly important.  In this scenario, CIS recommends that a company-wide message be sent, reminding end-users not to click on anything in an email unless they are absolutely sure of the source and content.

We will provide further updates as more information emerges.  If you have experienced a security breach, or would like to discuss any concerns or best-practice approaches to IT security, please contact us:  212-577-6033 / http://cisus.com/contact