Petya/NonPetya Vulnerability
Updated: June 28, 2017
On June 27th, 2017, organizations in Europe began reporting a widely spreading ransomware infection similar to WannaCry. Initial infections of this malware, Petya (NonPetya), point to a hacked Ukrainian accounting software package called “MeDoc”. Initial evidence suggests that malicious code was added to MeDoc and that the malware then used MeDoc's auto-update feature to spread to MeDoc users. Once in a network, the malware can spread via SMB (Server Message Block) and WMIC (Windows Management Instrumentation Command-line).
Ceridian was alerted early Tuesday, June 27th, about this malware and has been monitoring its spread and behavior to ensure we can appropriately protect against infection. We have taken several precautions, including:
- Ensuring that anti-virus software is up-to-date.
- Confirming that the monitoring software Ceridian has in place is capable of detecting and eliminating the virus.
- Conducting a review of the patching status of all workstations and servers and ensuring patching is up to date.
- Engaging mail, IPS, and proxy providers for their support and validating with key vendors that their systems can identify and contain the malware.
At present, Ceridian is not aware of any infections, or alerts, within our network. Ceridian technical teams continue to closely monitor our network.