New Zealand Law Society - CERT issues guidance for NotPetya ransomware

CERT issues guidance for NotPetya ransomware

This article is over 3 years old. More recent information on this subject may exist.

The government's cybersecurity organisation CERT NZ says the global cyber-attack which is currently unfolding is taking hold of various companies around the world, including law firms.

CERT says the criminal attack is a new ransomeware campaign referred to as NotPetya (originally reported as Petya) and it is affecting Microsoft Windows devices globally.

"In many ways, this ransomware is behaving similarly to WannaCry — it infects unpatched Windows devices by exploiting a software vulnerability. If NotPetya infects a device, it will encrypt the hard drive, demanding a ransom is paid to regain access to the device," it says.

"A point of difference that this ransomware has from WannaCry is that once a single computer in a network is infected, the program looks for other computers on the network and infects them as well — even when they’re fully up to date."

Don't pay ransom

CERT NZ strongly recommends that the ransom is not paid, under any circumstances.

"At least one email address used to communicate with the attackers has been taken down, and subsequent email addresses are likely to be taken down as well. In this case, this means that you will not be able to recover your files, even if the ransom is paid."

CERT NZ says that to protect an organisation's network, it’s critical to ensure that the software on all devices is fully up date.

What you should do

CERT NZ recommends a number of technical steps which can be taken immediately to protect networks:

  • Ensure you've patched all Windows systems in your network. In this case, it’s particularly important to apply the MS17-010 Microsoft patch. CERT NZ recommends that you apply all security updates to all systems and software.
  • Make sure you've backed up your system and have stored your files securely outside your network.
  • Make sure that firewalls and anti-virus software is installed, up-to-date, and fully operational.
  • Be careful when opening emails and clicking on links – read our phishing information to know what to look out for. These emails could be from anyone, including an email address you’re familiar with.
  • Ensure staff are aware of this campaign. Remind them to be vigilant about links and attachments contained in incoming emails.

Reporting attacks

CERT NZ says anyone or any business which has been affected by NotPetya can report it to CERT NZ through their online reporting tool, or call 0800 CERT NZ (available Monday to Friday, 7am to 7pm).