The June 27, 2017 ransomware attacks appear to be rising to proportions similar to that of the WannaCry attacks last month.

No industry is entirely safe from these (temporarily) crippling attacks.

What can you do to manage today's attack or prevent it from affecting you?

Critical path at this point:

If you have been hit:

  • For any systems that have not been hit, immediately apply last week's patches issued to address the ETERNALBLUE exploit
  • Make sure to stop the spread of the attack do not overlook systems that have not yet been compromised
  • Identify which of your systems should be isolated or kept offline based on particular indicators known to be part of the Petya or Petya-like Attack
  • Determine the best path for recovery as quickly as possible

If you have not been hit:

  • Apply patches to stop the ETERNALBLUE exploit available here
  • There is still time to prevent the attack using certain forensic sensors
  • Watch media coverage for additional indicators of the attack and remain vigilant for additional attacks

How We Can Help Immediately

  • Revise and redirect your current response effort
  • Ensure you have the best advice from forensic or technical experts
  • Ensure technical response is comprehensive and legally defensible in any later investigations
  • Advise on executive decisions regarding whether or not and/or how to pay ransomware
  1. As of 12 hours into the attack, there is no indication about whether or not most victims are or are not paying the ransom; one media report indicated that the attacker's bitcoin wallet only had a couple thousand dollars' worth of bitcoin in it
  • Engage a specialty PR/communications firm to assist with reputational and brand management (internally and externally)
  • Consider whether privilege is appropriate or necessary under applicable law; ensure privilege established with communications/PR and forensic vendors
  • Apply privilege to remedial efforts where possible
  • Advise on liability exposure throughout the response effort
  • Assist with helping ensure you avoid a second attack over the next few weeks on the heels of this one
  • Handle regulator inquiries, customer inquiries, etc.
  • Coordinate with law enforcement if necessary