轉知資安事件通知
有關近日發生之” Petya勒贖軟體”之媒體相關報導,說明如下
- 截至目前台灣並無相關損害案例
- 已經在五月更新過(MS17-010),已可以防範目前PETY
A的威脅 - 請持續更新WINDOWS UPDATE與防毒軟體病毒碼
- 詳細資訊,請參考以下文章,重要部份用紅字標註,並附上中文補充
What is the purpose of this alert?
This alert is to provide you with guidance concerning the ransomware issue being discussed broadly in the press starting on Tuesday, June 27, 2017, and causing a large volume of customer inquiries. This ransomware is being described by the press and security researchers as “ Petya Ransomware.”
Overview
Microsoft’s antivirus software detects and protects against this ransomware. Our initial analysis found that the ransomware uses multiple techniques to spread, including two which were addressed by a security update (MS17-010) previously provided for all platforms from Windows XP to Windows 10.
As a general precaution, customers should exercise caution when opening unknown files. We are continuing to investigate and will take appropriate action to protect customers..
Malware Detection
Windows Defender, System Center Endpoint Protection, and Forefront Endpoint Protection detect this threat family as Ransom:Win32/Petya. Ensure you have a definition version equal to or later than:
- Threat definition version: 1.247.197.0
- Version created on: 12:04:25 PM : Tuesday, June 27 2017
- Last Update: 12:04:25 PM : Tuesday, June 27 2017
In addition, the free Microsoft Safety Scanner http://www.microsoft.com/
Those with a solution from an antivirus provider other than Microsoft should check with that company.
Recommendations
Three specific steps customers can take to mitigate against new ransomware:
- Ensure you have the latest security updates installed. 持續更新WINDOWS UPDATE
- Ensure you have the latest AV Signatures from your preferred AV vendor. 與防毒廠商取得病毒碼與病毒引擎更新
- Do not open email/attachments from unknown/untrusted sources. 不使用來路不明之USB隨身碟,不開啟步行之郵件附件檔
- Domain Admin 帳號或較高權限之帳號不隨意登入用戶端電腦。
Note: these are good security defense-in-depth recommendations that may prevent being infected by this ransomware, but these steps alone do not guarantee against infection.
Additional Resources
- The Microsoft Security Tech Center: https://technet.microsoft.com/
en-us/security/default - The Microsoft Security Update Guide: http://aka.ms/
securityupdateguide
More Information
When new information is available that we can share, we will send a new security alert.
Regarding Information Consistency
We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative.
If you have any questions regarding this alert, please contact your Technical Account Manager (TAM)/Service Delivery Manager (SDM).
