A new variant of ransomware is quickly spreading around the globe. The malware, which some experts believe to be an updated version of the ransomware strain known as "Petya," exploits an old vulnerability in Microsoft Windows for which Microsoft issued a patch several months ago. The sheer number of parties infected within the last 24 hours likely testifies to the failure of so many organizations to patch their systems consistently.
The malware has hit multiple large entities in Ukraine (in both the government and the private sector), the Danish transport firm Maersk, the Russian energy firm Rosneft, and many others. According to some reports, the American law firm DLA Piper and the pharmaceutical giant Merck were hit as well.
Today's attack leverages malware that utilizes an exploit known as Eternal Blue, which, most experts believe, was stolen from the NSA and leaked earlier this year by a group (or individual) called The Shadow Brokers. The same exploit was also used during the recent WannaCry ransomware outbreak. (It should be noted that the payment infrastructure used by today's malware seems unprofessional; for example, victims are told to contact the attackers by email. That makes one wonder whether the ransomware is intended to disguise other attacks.)
What do you need to do?
1. If you have not already applied the relevant patch, do so ASAP.
2. Back up often, and keep the backups logically and physically separate from the systems being backed up. If ransomware somehow infects your system, you do not want it to be able to encrypt and undermine your backups.
3. Practice good cybersecurity hygiene.
4. Going forward, make sure to install critical patches and keep your systems up to date.
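One way to verify steps 1 and 4 on a Windows host is to audit whether it still accepts SMBv1, the file-sharing protocol that the Eternal Blue exploit targets (a fact not stated above), and to list recently installed updates for comparison against the vendor's patch guidance. This is an added example written for this page, not code from the original post; it assumes PowerShell 5.1 or later on Windows 8 / Server 2012 or newer, run as Administrator, and the patch identifier itself is left for you to fill in because this page does not give it.

```powershell
# Added example (not from the original post): report a host's SMBv1 exposure and
# recent updates so the "apply the patch" advice can be checked rather than assumed.
# Assumes the SmbShare and DISM PowerShell modules present on Windows 8 / Server 2012+.

function Get-Smb1Exposure {
    $server  = Get-SmbServerConfiguration
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

    # Five most recently installed hotfixes; compare HotFixID values against the
    # update your vendor guidance names for the Eternal Blue vulnerability.
    $recent = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 5 -ExpandProperty HotFixID

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = [bool]$server.EnableSMB1Protocol   # server side accepts SMBv1 sessions
        Smb1FeatureState  = if ($feature) { $feature.State.ToString() } else { 'Unknown' }
        RecentHotFixes    = ($recent -join ', ')
    }
}

function Disable-Smb1 {
    # Interim mitigation when the patch cannot be applied immediately:
    # stop the SMB server from negotiating SMBv1 and remove the optional feature.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}

$report = Get-Smb1Exposure
$report | Format-List

if ($report.Smb1ServerEnabled) {
    Write-Warning "SMBv1 is still enabled on $($report.ComputerName). Confirm no legacy device depends on it, then run Disable-Smb1."
}
```

Run the audit across a fleet (for example with Invoke-Command) and treat any host reporting Smb1ServerEnabled as True and lacking the relevant update as the first to patch.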
As I noted several months ago, governments need to think long and hard before creating and stockpiling exploits like Eternal Blue, since if the code somehow leaks it can lead to extremely serious problems. Perhaps now would be a good time for the government to review its policies in that regard.