Updated: June 28, 2017
On June 27th, 2017, organizations in Europe began reporting a widely spreading ransomware infection similar to WannaCry. Petya (NonPetya), initial infections point to a hacked Ukrainian accounting software called “MeDoc”. Initial evidence suggests that malicious code was added to MeDoc and the malware then used the auto-update feature of MeDoc to spread to MeDoc users. Once in a network, the malware can spread via SMB (Server Message Blocks) and WMIC (Windows Management Instrumentation Command line).
Ceridian was alerted early Tuesday, June 27th about this malware and has been monitoring the spread and behavior of this malware to ensure we can appropriately protect against infection. We have taken several precautions including:
At present, Ceridian is not aware of any infections, or alerts, within our network. Ceridian technical teams continue to closely monitor our network.