LITIGATION SUPPORT TIP OF THE NIGHT

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. This policy is subject to change at any time. The owner is not an attorney, and nothing posted on this site should be construed as legal advice. Litigation Support Tip of the Night does not provide confirmation that any e-discovery technique or conduct is compliant with legal, regulatory, contractual or ethical requirements.

See my post on Running Regex Searches With a Grep Utility on the ILTA litigation support blog.

New tips for paralegals and litigation support profesionals are posted to this site each week. Click on the blog headings for better detail.

See How-To Videos on my YouTube channel.

- Jul 1, 2017

DLA Piper Ransomware Attack

Since this past Tuesday the document

management and email systems of DLA Piper have been shut down due to a ransomware attack known as Petya. See this notice currently on the firm's site:

Petya works by encrypting a Windows PC's Master File Table. It uses an External Blue Exploit that exploits a vulnerability in the Server Message Block protocol that provides shared access to files and printers. A user of an encrypted PC will see

a message like this:

Note that Petya does not actually have the ability to undo the changes it makes.

The encryption process can be stopped if a user shuts down immediately after seeing a screen indicating that a CHKDSK command is running

A Windows security update from March can deter Petya, and a read only dat file ( at C:\Windows\perfc.dat) will prevent the encryption process.

bottom of page