TRENDS & TECHNOLOGY

Don’t Be Held Ransom by Petya

POSTED BY TURTLE & HUGHES INDUSTRIAL CONTROL & AUTOMATION DEPARTMENT BLOG IN INDUSTRY NEWS & EVENTS, SERVICES


 
It’s been two weeks since the malware “Petya” began affecting Microsoft Windows personal computers (PCs) around the world rendering infected networks locked and inaccessible, and leading to widespread concern.

 

According to Turtle & Hughes vice president Billy Wresch, who leads the company’s Rockwell Automation department, “Attack strategies can change as defenses are built up, so we all need to stay diligent and take steps to protect our critical systems.”

 

Petya is a self-propagating “worm” that infects any vulnerable host that has not patched the Windows SMBv1 vulnerability. Microsoft patched this vulnerability, named “MS17-010,” in March 2017. While there is no known direct impact to Rockwell Automation products from this malware, the company has been proactive in providing customers – especially those running on Microsoft Windows who are most vulnerable — with on-going email alerts and Knowledgebase Articles regarding the malware.

 

According to Wresch, “Customers should continue to monitor the situation, always follow Rockwell Automation’s general security guidelines, and have a mitigation plan in place. If you have any doubts about your network security, contact one of our Automation specialists who can direct you to the most up-to-date information and solutions from Rockwell Automation.”

 

 

Following are General Security Guidelines published by Rockwell Automation:


1. Refer to Knowledgebase Article 546987 (for Rockwell Automation recommended customer hardening guidelines, including information about compatibility between antivirus software and Rockwell Automation products. For a list of Rockwell Automation tested antivirus software, refer to Knowledgebase Article 35330.

2. Use of Microsoft AppLocker® or other similar Whitelisting application can help mitigate risk. Information on using AppLocker with Rockwell Automation products is available at https://rockwellautomation.custhelp.com/app/answers/detail/a_id/546989.

3. Run all software as User, not as Administrator.

4. Use trusted software and software patches that are obtained only from highly reputable sources.

5. Employ training and awareness programs to educate users on the warning signs of
a phishing or social engineering attack.

6. Locate control system networks and devices behind firewalls, and isolate them from the business network, helping to make sure that messages with mismatched IP and interface origination do not reach the target system.

7. Help minimize network exposure for all control system devices and/or systems, and confirm that they are not accessible from the Internet.

8. When remote access is required, use secure methods, such as Virtual Private Networks (“VPNs”), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.

 

Additional resources from Rockwell Automation:

For more information, contact the Turtle & Hughes Automation Department.

 

 

Turtle & Hughes is an Authorized Distributor of Rockwell Automation in: New Jersey: Bergen, Essex, Hudson, Hunterdon (East of Route 31), Middlesex, Monmouth, Morris, Ocean, Passaic, Somerset, Sussex and Union. New York City: Bronx, Manhattan and Queens. New York State: Dutchess, Kings, Nassau, Orange, Putnam, Rockland, Suffolk, Sullivan, Ulster (South of Route 28, excluding the township of Kingston) and Westchester.

Subscribe to
Trends & Technology:

Connect with Us:

RECENT STORIES

Archive

  • 2017
  • 2016
  • 2015