I WannaCry all over again

On the morning of June 27th, reports began surfacing of widespread attacks against Ukrainian critical infrastructure sectors that included aviation, banking, and electricity. Unknown malware had begun affecting IT systems in these sectors. Business systems were made unavailable and normal processes stopped. Fortunately, no operational technology, the technology that runs the energy grid, was reported to be affected.

Affected systems were widespread. They included Ukrenergo, the country’s electric transmission company, and Kyivenergo, the distribution company serving the Kiev region. While Ukrenergo reported no outages, Kyivenergo was forced to shut down all administrative systems, awaiting permission from Ukraine’s Security Service (SBU) before restarting.

Other victims in Ukraine and internationally included:

- The Ukrainian government, including parliament and cabinet
- Ukraine’s largest bank, Oschadbank
- Kiev’s Boryspil Airport, affecting departure boards and scheduling systems
- The Ukrainian state postal service
- Kiev’s metro system
- Television stations
- Rosneft, a Russian government-owned oil firm
- Steel maker Evraz
- Three Ukrainian telecom companies: Kyivstar, LifeCell and Ukrtelecom
- Danish shipping company Maersk, which reported that systems in the UK and Ireland were affected

The attack occurred, probably not by chance, only hours after the car bombing murder of Col. Maxim Shapoval of the Ukraine Chief Directorate of Intelligence and a day before Ukraine’s Constitution Day.

The name game

The offending malware was soon identified as PETYA, PETRYA, or PETwrap, depending upon the source. PETYA reportedly utilized the NSA’s leaked EternalBlue exploit, which targets the same Windows SMBv1 vulnerability used by WannaCry. PETYA does not initially encrypt individual files, but replaces the master boot record (MBR), leaving the entire system unusable.
Should the MBR not be available, it then goes on to encrypt the individual files.

What part didn't you get about 'patch now?'

Perhaps the most valuable lesson we can learn from this attack is that Charles Darwin was right. It's survival of the fittest; right along with that goes the smartest. Unless some completely new vector is discovered in action with this new threat, victims of PETYA have no excuse. The SMB vulnerability in question had been patched by Microsoft prior to WannaCry's May outbreak. During the WannaCry outbreak, Microsoft provided additional patches for legacy operating systems, those no longer supported by normal updates, like Windows XP and Server 2003. Even with these extraordinary measures to provide users with the protection they needed, some failed to update and/or patch.

Those who failed to take action and install patches handed to them on a silver platter are now victims of PETYA, and themselves sources of the new infection to others. Akin to a neighbor with a garage full of dynamite, this is the kind of negligence that endangers the entire cyber neighborhood.

ISACs to the rescue

Information Sharing and Analysis Centers (ISACs) in the U.S. were able to get ahead of the infection thanks to early warning and quick action. The Downstream Natural Gas and Electric ISACs combined forces to collect, analyze, and alert their sector members, providing early indicators and even links to algorithms that had earlier been used successfully to decrypt the PETYA ransomware. Having just recently experienced the WannaCry worm, their members were patched and defended. There were no reports of infection in electric or downstream natural gas sectors.