Petya ransomware first appeared on Tuesday, June 27, 2017. Petya is similar to WannaCry in that it primarily uses the "Eternal Blue" SMBv1 exploit, leaked by the Shadow Brokers from stolen NSA code, to enter the system. Later reports surfaced that Petya is using an HTA attack (CVE2017-0199) as well, allowing for a phishing approach that may bypass firewalls that should be blocking inbound port 445. Petya encrypts the Master File Table (MFT) for NTFS partitions and overwrites the Master Boot Record (MBR) with a custom bootloader. To release encrypted data, the ransomware demands an average payment of $300 in bitcoins. Systems that have already applied the Microsoft's MS17-010 security patch are not vulnerable to the EternalBlue exploit used by Petya.
Response
Teams at Beckman Coulter are aggressively evaluating the risk and cybersecurity vulnerability profiles of both our software solutions and instrument software products. Where appropriate, teams are validating the installation of the MS17-010 Microsoft security patch and developing specific customer instructions for those systems.
Some products do not use or rely on a Microsoft Windows-based operating system and therefore are not vulnerable to or affected by WannaCry ransomware. Please see the product table below for more information.
We will continue to update our product information as our evaluation of the issue continues and new information becomes available.
Microsoft Security Bulletin MS17-010
Released in March 2017, this update addressed the Microsoft security vulnerability exploited by WannaCry ransomware. We suggest that customers who have not already applied this update consult the product listing below before doing so. In addition, as the complexity of customer system configurations varies greatly, we strongly recommend that our customers work directly with their IT departments to ensure compatibility of the software update with their networked systems.
For additional technical details and indicators associated with this ransomware, please review the latest update from the U.S. Department of Homeland Security: US-CERT Alert (TA17-132A).
Beckman Coulter Life Sciences Product Information Updates
| Product Line | Product | Operating System | Customer Facing Notes |
| Centrifuge | Airfuge | None | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Allegra X-12/14/15 | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Allegra X-30 | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Avanti J-26/30/HC | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Avanti J6-MI | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Avanti J-E | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Avanti JXN | Win Embedded 2009 | Avanti JXN contains technologies to actively prevent malware intrusion. No patch is required at this time. |
| Centrifuge | Microfuge 16 | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Microfuge 20 | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Mobilefuge | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Optima AUC | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Optima L/XL | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Optima L-XP | XP Embedded | Optima L-XP contains technologies to actively prevent malware intrusion. No patch is required at this time. |
| Centrifuge | Optima MAX-XP/MAX-TL | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Centrifuge | Optima XE and XPN | Win Embedded 2009 | Optima XE and XPN contain technologies to actively prevent malware intrusion. No patch is required at this time. |
| Centrifuge | Optima XLA/XLI | XP | SP3 or greater install patch. Older versions contact Technical Support for options to upgrade to SP3. |
| Centrifuge | SpinTrace | NT, XP SP3 | SP3 or greater install patch. Older versions contact Technical Support for options to upgrade to SP3. |
| Cytometry | AQUIOS | W7 | Beckman only supports network connectivity through the Proservice hardware firewall (RAP box) without an additional connection to the lab's network. In this configuration the system is not vulnerable to network infection. Instructions are available to securely route system connectivity to file share, middleware and network printing. |
| Cytometry | Astrios | W7/Vista | Win 7 Patch Tested and OK to Apply. For Vista or XP systems with Dell T3500 or Custom i7-3770 system, OS may be upgrade to Win 7 by service and then the patch applied. Systems with Dell T3400 should be isolated off network or replaced with new Custom i7-3770 workstation. Please contact service for OS or hardware upgrade quote. |
| Cytometry | CyAn | W7/XP | Please Isolate or contain to a closed network. |
| Cytometry | CytoFLEX | W7 | Workstation OS Patch Tested and OK to Apply |
| Cytometry | CytoFLEX LX | W10 | Workstation OS Patch Tested and OK to Apply |
| Cytometry | DI | 2k, XP, W7-32/64-bit | Workstation OS Patch Tested and OK to Apply |
| Cytometry | FC500 MCL (IVD) | W2K/W7 | For Win 7: McAfee CXP Cybersecurity software upgrade kit (PN 393695) is available. If you have already received the disks, please be sure that you have followed the included instructions to install the software. For w2k: Microsoft patch and Proservice are not available for this instrument. Please isolate instrument off of network or contact sales or service for discounted windows 7 upgrade package. |
| Cytometry | FC500 MPL | XP | Microsoft patch and Proservice are not available for this instrument. Please isolate instrument off of lab network or connect instrument only to a secure, closed network. |
| Cytometry | FP1000 | XP | Microsoft patch and Proservice are not available for this instrument. Please isolate instrument off of lab network and communicate with middleware and instrument through a secure, closed network. |
| Cytometry | Gallios | W7/Vista | Beckman only supports network connectivity through the Proservice hardware firewall (RAP box) without an additional connection to the lab's network. In this configuration the system is not vulnerable to network infection. Instructions will be made available in the near future to securely route system connectivity to file share, and network printing. Quotes for discounted windows 7 upgrade package are available to Gallios Vista customers from sales or service. |
| Cytometry | MoFlo XDP | W7/XP | Win 7 Patch Tested and OK to Apply. For XP systems with Dell T3500 or Custom i7-3770 system, OS may be upgraded to Win 7 by service and the patch then applied. Systems with Dell T3400 should be isolated off network or replaced with new Custom i7-3770 Workstation. Please contact service for OS or hardware upgrade quote. |
| Cytometry | Navios/Navios EX | W7/Vista | Beckman only supports network connectivity through the Proservice hardware firewall (RAP box) without an additional connection to the lab's network. In this configuration the system is not vulnerable to network infection. Instructions will be made available in the near future to securely route system connectivity to file share, middleware and network printing. |
| Cell Viability | Vi-CELL | NT 4.0,2k, XP | Patch may be applied to systems running Windows 7. For computers running earlier operating systems, isolate the computer from any network or upgrade to a Windows 7 workstation. |
| Cell Viability | Vi-CELL MetaFLEX | XP Embedded | Patch may be applied to systems running Windows 7. For computers running earlier operating systems, isolate the computer from any network or upgrade to a Windows 7 workstation. |
| Cell Viability | Vi-CELL XR | W7 | Patch may be applied to systems running Windows 7. For computers running earlier operating systems, isolate the computer from any network or upgrade to a Windows 7 workstation. |
| Lab Automation | Biomek 3000 | XP/W7 | Install Patch, Beckman Coulter evaluated and validated the MS17-010 security patch for installation and use with Windows XP and Windows 7 Biomek 4000/3000 systems. |
| Lab Automation | Biomek i-Series | W10 | No action required. The patch is already included in the initial product release. |
| Particle Counting | Anatel PAT700 | CE 5 | The Anatel series of products are designed with network security features built-in. The embedded software used in these systems is not vulnerable to the recent ransomware attack. These instruments can be used with software on Windows PC's. There is no indication that these programs are vulnerable to the ransomware security risk or are impacted by the patches implemented by Microsoft. |
| Lab Automation | Biomek FX/FXp | XP/W7 | Install Patch, Beckman Coulter evaluated and validated the MS17-010 security patch for installation and use with Windows XP and Windows 7 Biomek FX/FXp systems. |
| Lab Automation | Biomek NX/NXp | XP/W7 | Install Patch, Beckman Coulter evaluated and validated the MS17-010 security patch for installation and use with Windows XP and Windows 7 Biomek NX/NXp systems. |
| Particle Characterization | DelsaMax | XP SP3, Vista, W7-32bit | Patch may be applied to systems running Windows 7. For computers running earlier operating systems, isolate the computer from any network or upgrade to a Windows 7 workstation. |
| Particle Characterization | LS 13320 | 98, W2k, NT, XP, Vista | Patch may be applied to systems running Windows 7. For computers running earlier operating systems, isolate the computer from any network or upgrade to a Windows 7 workstation. |
| Lab Automation | Biomek 4000 | XP/W7 | Install Patch, Beckman Coulter evaluated and validated the MS17-010 security patch for installation and use with Windows XP and Windows 7 Biomek 4000/3000 systems. |
| Particle Characterization | DelsaNano | XP SP3, W7-32bit | Patch may be applied to systems running Windows 7. For computers running earlier operating systems, isolate the computer from any network or upgrade to a Windows 7 workstation. |
| Particle Counting | HIAC 8011 | None | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Particle Counting | HIAC 8011+ | CE 7 | Review in process |
| Particle Counting | HIAC 9703/9703+ | None | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Particle Counting | MET ONE 3400 | Non Windows | No Action Required, No Windows OS |
| Particle Counting | MET ONE 6000/7000 | None | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Particle Characterization | MS3 | 95, 98, NT6.0, 2K , XP | Patch may be applied to systems running Windows 7. For computers running earlier operating systems, isolate the computer from any network or upgrade to a Windows 7 workstation. |
| Particle Characterization | Multisizer 4e | W7 | Patch may be applied to systems running Windows 7. For computers running earlier operating systems, isolate the computer from any network or upgrade to a Windows 7 workstation. |
| Particle Counting | PODS | None | No action required, firmware based/customer supplied computer with XP or newer |
| Particle Counting | PODS+ | CE 7 | WIN CE 7/customer supplied computer with XP or newer |
| Particle Characterization | Z Series | Non Windows | This product does not use or rely upon a Microsoft Windows-based operating system. It uses an embedded operating system that is not vulnerable to or affected by WannaCry ransomware. |
| Particle Counting | 3400 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | 6000/7000 series | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | QII Max | CE 5 Embedded | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | QIII Ultra | CE 5 Embedded | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | 2400 series | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | HHPC+ | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | 2100/2200 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | 237A/B | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | R4800 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | R4900 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | Glycount | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | ROC | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | HHPC-6 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | 2000 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | 9703 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | 9703+ | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | PODS | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | PODS+ | CE 7 Embedded | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | 8000A | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | 8011/8012/8103 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | 8011+ | CE 7 Embedded | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | PAT700 | CE 5 Embedded | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | A643 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | A1000 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | TOC600 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
| Particle Counting | UP100 | Non Windows | Customer supplied computer, install patch based on local IT recommendation |
Beckman Coulter Diagnostics
Our diagnostic product information updates can be found on beckmancoulter.com.
