On June 27, 2017, the “Petya” ransomware strain began spreading widely impacting a large number of organizations, particularly in Europe. 

Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB). It has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts NTFS structures. This approach prevents victims’ computers from being booted up in a live OS environment and retrieving stored information or samples. Additionally, after the encryption process is complete, the ransomware has a specialized routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until a $300 ransom is paid.

N-Line Managed Antivirus protects you against this virus attack.   For those of you not subscribed to our Antivirus product, you should update your Antivirus immediately and run Windows Update to make sure your system is fully patched and thus protected against the SMB fault that this virus exploits.

If you need assistance please contact us or call 432-279-0671