Petya Ransomware Update and Recommendations

On the 27th of June 2017, we became aware of the “Petya ransomware/malware” (also called NotPetya) cyber-attack spreading throughout the world, causing computers to be encrypted and victims to see a request for ransom on their computer screens.

This ransomware is still under investigation; however, it appears similar to the “WannaCry ransomware”. The Petya malware exploits a Microsoft® Windows® vulnerability in the SMB (Server Message Block) protocol, as well as other unconfirmed exploits (including credential harvesting and remote execution utilities), which allow it to spread within networks. The ransomware also appears to overwrite the Master Boot Record (MBR). Multiple global organizations have reported network outages, including government and critical infrastructure operators.

Ransomware attacks are becoming much more common, and they are now seen paired with exploits that spread as a network worm. The recent WannaCry attacks in May 2017 highlighted that many Windows O/S systems were not (and maybe still are not) patched for the SMB vulnerability. Further to this, the fact that Petya ransomware seemingly spread primarily using this same vulnerability shows that many systems may still be vulnerable, despite the recent attention from the WannaCry infection.

Recommended Considerations:

  • Be very aware of this latest malware attack currently underway
  • Ensure the application of Microsoft Security Updates in MS17-010 following the KBA AK-1300-0005
    • Note: Microsoft released new “WannaCry-related” updates in June. All of the latest approved Microsoft Security Updates should be applied as they become available. Also note that Petya can use other means to propagate through the network even if these patches are applied.
  • Ensure the application of the latest signature files from McAfee or Symantec (as installed)
  • Do not use the same usernames and passwords for both the control system and enterprise level accounts (which is a large risk in this latest attack)
  • Ensure no exposure of control systems to direct, unsecured corporate LANs or internet connections
  • Create and maintain high integrity, comprehensive system back-ups so that if an infection occurs, data may be restored
  • Please report any and all disruptions due to any cyber-attack via a call to Emerson’s Global Service Center (GSC)
  • Monitor KBA NK-1500-0102 for continued updates on this topic as they become available

Rick Gorskie

DeltaV Cybersecurity Services Program Manager

Alexandre Peixoto

DeltaV Product Marketing Manager

Rick Gorskie

Global Sales Manager - Cybersecurity

Emerson Automation Solutions