Although targets originally appeared in Ukraine—shutting down power plants, banking services and supermarkets—this latest cyberattack has quickly spanned critical economic sectors around the globe. This cyberattack was first seen by Webroot's threat research team at roughly 10:00 a.m. UTC 6/27/2017.
Webroot has found many companies are still failing to adequately secure their IT systems from the EternalBlue (Petya/WannaCry) vulnerability in the Windows Server Message Block (SMB) server.
Microsoft issued critical security updates to patch this vulnerability on March 14, 2017. <https://technet.microsoft.com/en-us/library/security/ms17-010.aspx> To verify that the MS17-010 patch is installed.
The attack can come in multiple ways, but the primary delivery method is by email.
- Never open an attachment from an unknown sender.
- If you receive an unexpected attachment from a known sender, verify with the sender before opening. Pay close attention to sender’s address and name for possible misspellings.
- Clicking on any link in an email is risky and not recommended unless it is a verified source.