Print Page   |   Contact Us   |   Sign In   |   Register
News & Press: Illinois Section AWWA News

Virus Alert - Please Read

Friday, June 30, 2017   (0 Comments)
Posted by: Laurie Dougherty
Share |

Dear ISAWWA members and colleagues:

We would like you to be aware of an international ransomware campaign, referred to as "WannaCry 2.0 or Petya" in the media that has affected critical infrastructure sectors including healthcare and public sector assets in the US, as well as the transportation sector.

Known impacts include the following:

  • A Danish shipping company has temporarily limited container shipping into and out of the Port Authority of New York and New Jersey as well as the Port of Los Angeles which could disrupt supply chains;
  • A provider of transcription services for Electronic Health Records (EHRs) is impacted resulting in some healthcare organizations using downtime procedures to update health records;
  • A pharmaceutical company was affected resulting in some internal computer networks being inaccessible or locked; and
  • A limited number of healthcare institutions were infected.

Please review the HHS notice below, for additional information and resources about this threat.

Kind Regards,

If you are the victim of a ransomware attack

If your organization is the victim of a ransomware attack, HHS recommends the following steps:

1.       Please contact your FBI Field Office Cyber Task Force (www.fbi.gov/contact-us/field/field-offices) or US Secret Service Electronic Crimes Task Force (www.secretservice.gov/investigation/#field) immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.

2.      Report cyber incidents to the US-CERT (www.us-cert.gov/ncas) and FBI's Internet Crime Complaint Center (www.ic3.gov).

3.      If your facility experiences a suspected cyberattack affecting medical devices, you may contact FDA's 24/7 emergency line at 1-866-300-4374. Reports of impact on multiple devices should be aggregated on a system/facility level.

4.      For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS' Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC@hhs.gov.

5.      Report the incident to your state health department.

Mitigating against this threat

  • The National Health – Information Sharing and Analysis Center (NH-ISAC) has tested a "vaccine" that has been reported as potentially helpful for systems that have not been impacted.  While the use of this "vaccine" should not preclude proper patching, consider the business impact of creating a file C:/Windows/perfc.exe or editing the existing file to make them READ ONLY. As with any patch/update, this modification should be evaluated before implementation by appropriate system security personnel. For further information on this vaccine please visit https://nhisac.org/nhisac-alerts/petya-ransomware-updates/.                
  • Educate users on common Phishing tactics to entice users to open malicious attachments or to click links to malicious sites.
  • Patch vulnerable systems with the latest Microsoft security patches: https://technet.microsoft.com/en-us/security/bulletins.aspx
  • Verify perimeter tools are blocking Tor .Onion sites 
  • Use a reputable anti-virus (AV) product whose definitions are up-to-date to scan all devices in your environment in order to determine if any of them have malware on them that has not yet been identified. Many AV products will automatically clean up infections or potential infections when they are identified.
  • Monitor US-CERT for the latest updates from the U.S. government. 

US-CERT Resources

Sector ISAO and ISAC resources

  • National Health Information-Sharing and Analysis Center has shared the followingTLP-White Message and will continue to share information at nhisac.org.
  • HITRUST has shared the following Threat Bulletin for distribution.

Membership Software Powered by YourMembership  ::  Legal