Corporate Security: Another wave of cyberattacks in last 24 hours globally


News outlets are reporting another wave of ransomware attacks affecting computers within the last 24 hours: Spain, India, some parts of the United Kingdom and now parts of the United States including Merck & Co pharmaceutical giant. This attack is believed to have started in the Ukraine, and is called the Petya attack.

Petya is a virus that encrypts files of your computer and holds them ransom (reports state this ransom is $300 per computer), very much like the WannaCry and WannaCrypt that occurred early last month. Several antivirus programs cannot detect this, or detect it after files are already encrypted (which is, obviously, too late to do any good).

This variant is being delivered by a spreadsheet attachment to email. Use caution when opening any email attachments!

It is important to remind staff to not open attachments of files from emails they do not recognize. Inspect the email carefully for any clues it may not be from the claimed sender of the file (wrong signature, unusual greetings or language, misspellings or other nuances that are out of character for that individual).

It is particularly dangerous to open a file (Word or Excel) and then turn off Protected Mode of the file. This is usually a banner across the top of the document or spreadsheet that states plainly “PROTECTED VIEW – Be careful – email attachments can contain viruses. Unless you need to edit, it’s safer to stay in Protected View.” Microsoft isn’t kidding when it states this.

Protected View disables macros in the document. Granted, macros are needed for printing and certain functions to realize the full power of Excel formulas. But macros are essentially a mini-program that can run inside these documents. These macros are how viruses launch on a machine and infect it. Petya is known to be able to travel across networks once it has infected a computer.


Please use caution when opening email attachments of any kind.