top of page

DLA Piper Ransomware Attack


Since this past Tuesday the document

management and email systems of DLA Piper have been shut down due to a ransomware attack known as Petya.  See this notice currently on the firm's site: 

Petya works by encrypting a Windows PC's Master File Table.  It uses an External Blue Exploit that exploits a vulnerability in the Server Message Block protocol that provides shared access to files and printers.  A user of an encrypted PC will see  

a message like this:

Note that Petya does not actually have the ability to undo the changes it makes. 

The encryption process can be stopped if a user shuts down immediately after seeing a screen indicating that a CHKDSK command is running

A Windows security update from March  can deter Petya, and a read only dat file ( at C:\Windows\perfc.dat) will prevent the encryption process.  


Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

If you have a question or comment about this blog, please make a submission using the form to the right. 

Your details were sent successfully!

© 2015 by Sean O'Shea . Proudly created with Wix.com

bottom of page