June 29, 2017
You may have seen news reports today about a new ransomware variant called “Petya.” Below is information on Petya, how to spot a ransomware attack, what you should do to reduce your risk, and what the IT Security Office is doing to protect KU data and systems.
What is Petya?
Petya is ransomware. Data on infected computers (and any attached storage, such as KU “G:” drives, external USB drives, etc.) is encrypted and held for ransom. In this case, payment is demanded in the form of a partial Bitcoin.
What should you do if you think your computer is infected with ransomware?
- Call your departmental IT Support Staff or the IT Customer Service Center (785-864-8080) immediately so that they can begin coordinating with the IT Security Office.
- DO NOT PAY THE RANSOM, especially in the case of Petya. The email address associated with ransom payments for Petya has been suspended, and you will not receive decryption keys to unlock your files.
How does Petya work?
Petya exploits the same vulnerability (MS17-010) that WannaCry exploited. The patch for this vulnerability was released in March of 2017. Petya spreads in two ways:
- Via email with an encrypted Word document attachment
- Via the network in the fashion of a worm
What can I do to protect my computer and my data?
- Never open suspicious attachments or click links you receive in an unknown email, even “just to have a look.” The simple act of opening an attachment or webpage is frequently all it takes for your system to be infected.
- Forward suspicious emails to email@example.com.
- Reboot your computer daily to ensure all patches and updates are installed. KU IT automatically sends out patches to KU computers, but rebooting is an essential step.
- On your home computer, make sure you have downloaded and installed the latest patches, and rebooted your computer to complete the process.
Have there been any Petya infections at KU?
No. The IT Security Office did receive a message with the malicious attachment that spreads Petya. The recipient did the right thing by reporting it to firstname.lastname@example.org, and we were able to analyze the malware and extract details that allow us to better protect campus from infection.
What is the IT Security Office doing to protect KU?
- ITSO staff are analyzing samples as they are shared with us, so please continue to report suspicious emails to email@example.com. ITSO staff also are working with vendors, information sharing consortiums and the IT security community at large to gather more information to bolster our defenses.
- Information Technology staff are working to ensure vulnerable systems are patched. If you have questions regarding patches on your computer, contact your IT Support staff.
Information security at KU is a shared responsibility among all of us. By being aware of risks and being careful in your computing practices, you help protect yourself and your colleagues.
If you have questions or concerns, please contact your IT Support Staff or the IT Customer Support Center (firstname.lastname@example.org