DLA Piper Ransomware Attack
Since this past Tuesday the document
management and email systems of DLA Piper have been shut down due to a ransomware attack known as Petya. See this notice currently on the firm's site:
Petya works by encrypting a Windows PC's Master File Table. It uses an External Blue Exploit that exploits a vulnerability in the Server Message Block protocol that provides shared access to files and printers. A user of an encrypted PC will see
a message like this:
Note that Petya does not actually have the ability to undo the changes it makes.
The encryption process can be stopped if a user shuts down immediately after seeing a screen indicating that a CHKDSK command is running
A Windows security update from March can deter Petya, and a read only dat file ( at C:\Windows\perfc.dat) will prevent the encryption process.