Skip to main content

Petya ransomware campaign impacting organisations globally

The ACSC is aware of a global ransomware campaign, Petya. Ransomware is malicious software that makes data or systems unusable until the victim makes a payment.

Alert status

We are working to confirm reports of two affected companies in Australia and we are reaching out to offer assistance. We are working with our international counterparts to understand the scope and impact.

Early reports indicate the Petya ransomware appears to leverage the same vulnerability as WannaCry.

  • Patch/update systems immediately, including Microsoft operating systems. Using unpatched and unsupported software increases the risk of cyber security threats such as ransomware.
  • Back-up your data. If you do not have back-ups in place you can arrange to use an off-site backup service. This is good practice for all users.
  • Ensure your antivirus software is up-to-date.
  • Individuals and organisations should not pay the ransom. Reports indicate that the contact email address provided in the ransom message has been disabled, which means the files are highly unlikely to be recovered by paying the ransom.

All organisations - large and small - need to examine their cyber security posture and have arrangements in place to protect the security of their information systems.

The Australian Cyber Security Centre has advised that, if you are affected by the Petya ransomware incident, you should contact your service provider immediately. Small businesses can go to ReportCyber and report it. Large organisations are advised to follow their normal procedures and report to the Australian Cyber Security Centre (ACSC).

We continue to monitor the situation closely for any impact and will provide updates as necessary.

Organisations can minimise the risk of being infected by exploits taking advantage of unpatched vulnerabilities by following the Australian Signal Directorate's Strategies to Mitigate Cyber Security Incidents. These strategies include but are not limited to:

  • patching operating systems and applications to the latest versions
  • backing up important data on a daily basis to an offsite location
  • implementing application control to prevent execution of untrusted code
  • restricting administrator privileges.

Further ASD advice, such as the Essential Eight ExplainedDetecting Socially-Engineered EmailsMinimising Admin Privileges Explained and Implementing Application Control, is available from the ASD Publications page.

Updates are also available on the Stay Smart Online websiteFacebook page, and Twitter account.