DLA Piper Ransomware Attack


Since this past Tuesday the document management and email systems of DLA Piper have been shut down due to a ransomware attack known as Petya. See this notice currently on the firm's site:

Petya works by encrypting a Windows PC's Master File Table. It uses the EternalBlue exploit, which targets a vulnerability in the Server Message Block (SMB) protocol that provides shared access to files and printers. A user of an encrypted PC will see a message like this:

Note that Petya does not actually have the ability to undo the changes it makes. 

The encryption process can be stopped if a user shuts down immediately after seeing a screen indicating that a CHKDSK command is running.

A Windows security update from March can deter Petya, and a read-only dat file (at C:\Windows\perfc.dat) will prevent the encryption process.
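
One way to put the read-only file in place and confirm its state, as an added PowerShell example that is not from the original post. The function name `Set-PerfcMarker` and its `-Path` parameter are hypothetical; the default path is the one given above.

```powershell
# Added example: create the read-only marker file described above and verify it.
# Run from an elevated (Administrator) session, since the default path is under C:\Windows.
# Set-PerfcMarker and -Path are hypothetical names chosen for this example.
function Set-PerfcMarker {
    [CmdletBinding()]
    param(
        # Default is the path given in the article.
        [string]$Path = 'C:\Windows\perfc.dat'
    )

    # Create an empty file only if nothing exists at the path yet,
    # so an existing file is never overwritten.
    if (-not (Test-Path -LiteralPath $Path)) {
        New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
    }

    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    if ($item.PSIsContainer) {
        throw "$Path exists but is a directory, not a file."
    }

    # Add the read-only attribute without clearing attributes already set.
    if (-not $item.IsReadOnly) {
        $item.Attributes = $item.Attributes -bor [System.IO.FileAttributes]::ReadOnly
    }

    # Re-read from disk and report the final state for logging or auditing.
    $item = Get-Item -LiteralPath $Path -Force
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $item.FullName
        ReadOnly = $item.IsReadOnly
    }
}

Set-PerfcMarker
```

The function is safe to re-run: an existing file is left in place and only its read-only attribute is corrected if needed.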