Security notification – The subspecies of Ransomware Petya cyber attack

September 25, 2017
Toshiba Corporation

Since June 27, 2017, the impact of the Ransomware called Petya (or PetrWrap, NotPetya, GoldenEye) has spread in Europe,North America, Australia,etc. This notification is to broadly inform to the customers of Toshiba products / systems (social infrastructure systems, enterprise information systems, business products and consumer products, etc.) about the impact and recommended countermeasures on the subspecies of Petya Ransomware.
(This notification does not report on the actual impact or damage to Toshiba products.)

Affected Products
Products using Microsoft® Windows® operating systems

The subspecies of Petya exploits Microsoft® Windows® file sharing vulnerability to infect. Once a system is infected, it encrypts MBR (Master Boot Record) and use of PC becomes impossible and requests ransom (by bit coin) as decryption fee.

Recommended countermeasures
Toshiba Corporation recommends several countermeasures to protect your systems from cyber attacks, but not limited to:
- Install the latest Microsoft security patches on your Windows (MS17-010 is applied especially)
- Update your antivirus software and its pattern file
- Take a backup of your system
- Don’t open any suspicious attached files and URLs of external site including e-mail
- Notify to employees on the malware and security countermeasure

More Information
- ICS-CERT: ”Petya Malware Variant”
- Microsoft (MS) Security Bulletin MS17-010

Legal Disclaimer
This notification does not indicate explicitly or implicitly any kind of guarantee or warranty, including the suitability of Toshiba products.