Nigel-YZ1
Guru
- Location
- Somewhere else... maybe soon.
Possibly. I wouldn't be confident until the whole thing is unravelled and analysed with confidence. Rumours of trojans also contained within it, for example.
Signatures are out for AV and NIPS, and of course the patch has been around for ages, so if you get hit now your CIO needs to be answering the tough questions.
Some more info:
https://www.symantec.com/connect/blogs/petya-ransomware-outbreak-here-s-what-you-need-know?om_ext_cid=biz_social_NAM_twitter_Asset Type - Blog,Petya
I'm definitely not confident.
While some are crowing about repeats of Wannacry and laughing about lessons not learned, a small minority are seeing that this one doesn't move via SMB, it's being moved by PSExec and WMIC.