DLA Piper Ransomware Attack

DLA Piper Ransomware Attack

July 1, 2017

Since this past Tuesday the document

management and email systems of DLA Piper have been shut down due to a ransomware attack known as Petya.  See this notice currently on the firm's site: 



Petya works by encrypting a Windows PC's Master File Table.  It uses an External Blue Exploit that exploits a vulnerability in the Server Message Block protocol that provides shared access to files and printers.  A user of an encrypted PC will see  

a message like this:



Note that Petya does not actually have the ability to undo the changes it makes. 


The encryption process can be stopped if a user shuts down immediately after seeing a screen indicating that a CHKDSK command is running


A Windows security update from March  can deter Petya, and a read only dat file ( at C:\Windows\perfc.dat) will prevent the encryption process.  














Please reload

Contact Me With Your Litigation Support Questions:


  • Twitter Long Shadow

© 2015 by Sean O'Shea . Proudly created with Wix.com