DLA Piper Ransomware Attack
- Sean O'Shea
- Jul 1, 2017
- 1 min read
Since this past Tuesday the document
management and email systems of DLA Piper have been shut down due to a ransomware attack known as Petya. See this notice currently on the firm's site:

Petya works by encrypting a Windows PC's Master File Table. It uses an External Blue Exploit that exploits a vulnerability in the Server Message Block protocol that provides shared access to files and printers. A user of an encrypted PC will see
a message like this:

Note that Petya does not actually have the ability to undo the changes it makes.
The encryption process can be stopped if a user shuts down immediately after seeing a screen indicating that a CHKDSK command is running

A Windows security update from March can deter Petya, and a read only dat file ( at C:\Windows\perfc.dat) will prevent the encryption process.
Recent Posts
See AllThis month the S.D.N.Y. dismissed much of the SEC's fraud suit against the software developer SolarWinds Corp. The SAML certificate...
HIPS software, Host-based Intrusion Prevention System, checks a server, computer, or workstation for events occurring on that host which...