[Important Security Alert] Beware of Petya (similar to WannaCry) Encryption Blackmail Virus Attacks

According to threat intelligence, on June 27, 2017, a ransomware virus codenamed "Petya" has spread widely throughout Europe. The virus is similar to "WannaCry". The virus encrypts the boot record (MBR) of disk partitions, makes the files on the hard disk drive unreadable, and restricts system access by hiding file names, sizes and locations of disk partitions, rendering the computer unable to start properly.

According to intelligence, the "Petya" ransomware gains access through the OFFICE OLE2LINK (CVE-2017-0199) and MS17-010 vulnerabilities. Once the ransomware has gained access to a machine, it may impact other systems on the local network. If the attack is successful, business data may be encrypted, but paying a ransom to retrieve it is not recommended.

Alibaba Cloud reminds you to take precautionary measures in advance:

1. Please check your server account passwords. If the passwords are simple, please change them to stronger passwords immediately, and update your passwords regularly.

2. Do not open high-risk network ports to the internet, for example: ports 3389, 445, and 139. Open only network ports which are essential to your business. You can configure Security Group Policy to shield high-risk ports.

3. If you are buying new ECS instances, it is strongly recommended that you take a snapshot and then install antivirus software, such as Microsoft MSE, Kaspersky Enterprise Edition, Norton, etc.

4. According to the reports, the ransomware gains access through the vulnerabilities OFFICE OLE2LINK (CVE-2017-0199) and MS17-010, so please ensure you have installed the patches for these vulnerabilities: Windows patches MS17-010 and CVE-2017-0199.

5. If you use snapshots or other methods to back up your data, it is recommended that you back up all volumes used by your ECS instances. Setting up automatic snapshots is recommended.

If you have any questions or concerns, please contact us by submitting a ticket.