DLA Piper Ransomware Attack


July 1, 2017

Since this past Tuesday, the document management and email systems of DLA Piper have been shut down due to a ransomware attack known as Petya. See this notice currently on the firm's site:

 

 

Petya works by encrypting a Windows PC's Master File Table. It uses the EternalBlue exploit, which takes advantage of a vulnerability in the Server Message Block (SMB) protocol that provides shared access to files and printers. A user of an encrypted PC will see a message like this:

 

 

Note that Petya does not actually have the ability to undo the changes it makes. 

 

The encryption process can be stopped if a user shuts down immediately after seeing a screen indicating that a CHKDSK command is running.

 

A Windows security update from March can deter Petya, and a read-only .dat file (at C:\Windows\perfc.dat) will prevent the encryption process.
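The read-only file step described above, as an added PowerShell example (not part of the original post): it creates the file at the path the post gives if it is missing, sets the read-only attribute, and reads the attribute back to confirm. The function name `Set-ReadOnlyMarker` is hypothetical, and the script assumes an elevated PowerShell 3.0 or later session.

```powershell
# Added example: create and verify the read-only marker file the post describes.
# Assumption: run from an elevated (Administrator) PowerShell session.
$markerPath = 'C:\Windows\perfc.dat'   # path taken from the post

# Hypothetical helper name, introduced for this example only.
function Set-ReadOnlyMarker {
    param([Parameter(Mandatory)][string]$Path)

    # Writing under C:\Windows needs administrator rights; fail early if missing.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw "Run this from an elevated PowerShell session."
    }

    # Refuse to act if the path is unexpectedly a directory.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        throw "$Path exists but is a directory; not touching it."
    }

    # Create an empty file only if nothing is there; never overwrite an existing file.
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path | Out-Null
    }

    # Set the read-only attribute (safe to repeat) and read it back to confirm.
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true
    $item = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Path       = $item.FullName
        IsReadOnly = $item.IsReadOnly
        Length     = $item.Length
    }
}

$result = Set-ReadOnlyMarker -Path $markerPath
if (-not $result.IsReadOnly) {
    throw "Read-only attribute did not stick on $markerPath"
}
$result
```

The script only covers the file-based measure; the March security update the post mentions is installed separately through Windows Update.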

 

 

 

 

 

 

 

 

 

 

 

 

 


Contact Me With Your Litigation Support Questions:

seankevinoshea@hotmail.com


© 2015 by Sean O'Shea