Product Security Service Bulletin for Petya Ransomware

July 07, 2017

Smiths Medical recognizes that some customers may have been impacted by the cyberattack known as the Petya Ransomware. Smiths Medical is closely monitoring the Petya ransomware situation, and collaborating with government and healthcare industry stakeholders to ensure appropriate measures are taken to safeguard our products.

According to Microsoft, this ransomware spreads either by attachments/links in phishing emails or on malicious websites (“system zero infection”) or via an infected system that exploits a vulnerability in a Windows component used in the context of open file shares of other systems reachable on the same network. Additional details may be found on the following Microsoft page:

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt- attacks/

The Petya ransomware uses the same Windows SMBv1 vulnerability similar to WannaCry and takes advantage of unpatched Windows machines. No further action is required by customers who have followed Smiths Medical’s WannaCry Malware Infection & Outbreak Statement on securing products against the WannaCry vulnerability. If not, Smiths Medical strongly recommends following the actions outlined in our previously posted WannaCry Malware Infection & Outbreak Statement. These actions include applying the appropriate Microsoft patches, and ensuring appropriate mitigating controls are in place for Microsoft SMB including isolating or blocking use of the network service. Neither the use of an email client nor browsing the internet is part of the intended use of most of the products covered by this Smiths Medical Cyber Security Bulletin.

The Smiths Medical Cyber Security Engineering team will continue to monitor the situation and provide further updates and/or suggestions if needed. If your cyber security office would like any additional information, please contact the Smiths Medical Cyber Security team at cybersecurityincidents@smiths-medical.com.