First WannaCry, Now Petya – Staying Secure Against Mass Ransomware Attacks

Petya Ransomware

Just a month after the sweeping WannaCry attacks, we now see a new ransomware threat, a Petya variant, causing havoc across the globe. As is usual with these kinds of attacks, users find themselves staring at a ransom screen informing them that their data has been encrypted and that they need to pay $300 in order to get the key that will unlock it.

The odd thing this time is that cybercrime analysts suspect the ransomware was unleashed as a deliberate attack on the Ukraine, which suffered 60% of all infections, including attacks on its power supplier, Kiev Airport and on the Chernobyl nuclear reactor.

Whether it was a deliberate attack or not, the fact remains that the virus has spread to organisations in many other countries. In the UK, advertising agency WPP was affected, as were Russia’s main oil company, Rosneft, Danish shipping company Maersk, and pharmaceuticals company Merck.

 

Petya and WannaCry using same routes

One of the biggest concerns about Petya is that it seems to be exploiting the same vulnerabilities that WannaCry used. Both infect systems running a vulnerable Windows Server and SMB (Server Message Block), and both are spread using software stolen by hackers from the US National Security Agency and leaked over the internet.

The fact that hackers can so easily raid the USA’s equivalent to GCHQ tells us a great deal about the state of the world’s cyber security. However, the worrying thing is that the tools created by the NSA are now available online for ransomware developers to use at will. This means it’s unlikely that WannaCry and Petya will be the only two ransomware viruses that use them. There may be worse to come.

 

Urgent need to upgrade systems

Fortunately, many systems are not vulnerable to Petya and WannaCry. The current vulnerability exists only in older versions of Windows. The organisations at risk are those which have not updated their systems. Microsoft released a patch for WannaCry eight weeks before the global attacks; those that took advantage of this were unharmed.

The organisations which remain vulnerable are those whose business needs prevent them from upgrading their systems and those which are complacent. These are the organisations the attackers are targeting, and the targeting is deliberate: these are sophisticated criminal gangs looking specifically for those companies which find it difficult to upgrade because they cannot tolerate any downtime.

As for the future, new ransomware viruses may be able to exploit a wider range of vulnerabilities. Just because you are immune from WannaCry or Petya doesn’t mean you’ll be immune to the next big attack. As a matter of policy, updating your software should be done as soon as possible after an update or patch is released.

You cannot rely on antivirus alone

What makes ransomware even more challenging is that the viruses are designed to be stealthy: only 30% of antivirus programs were sophisticated enough to detect WannaCry. This is because cybercriminals analyse the signatures antivirus software looks for in a virus and then adapt their ransomware so that those signatures can’t be detected.

When, finally, an antivirus company releases an update that does detect the ransomware, the cybercriminals use the update to make further cloaking modifications. For this reason, antivirus software cannot be the only means of protection you use.

Train your employees

The biggest cause of ransomware infection is staff clicking on malicious links in emails, visiting malicious sites or clicking on malicious advertisements. The vast majority of this is unintentional and down to plain old ignorance about how malware is transmitted.

Training your staff about cyber security is essential and can massively reduce the risk of infection. Staff need to know how to recognise suspicious emails, fake hyperlinks, dodgy websites and malicious social media posts, and they also need training on how to use the internet and email safely. In addition, you should update your Acceptable Use Policy to make sure procedures for using IT are up to date with current threats.

It’s not only staff that can make your system vulnerable. Anyone who has access to your network, such as business partners, consultants or clients, can open doors to an attacker. Make sure these people and organisations comply with your security procedures and have access to essential training.

Share data responsibly

Most organisations will regularly share data with external partners as part of their day-to-day operations. To ensure that these communications are secure, any data sent or received should be encrypted, scanned for viruses and require authentication before being accessible to the recipient. Weak data security has led to many attacks on businesses, especially phishing, CEO Fraud and ransomware.

One particular concern is letting attackers get access to your FTP platform, from where they can launch ransomware attacks from inside the network. To prevent this, make sure you employ highly secure data sharing methods, for example, a Secure Managed File Transfer system.

Conclusion

WannaCry and Petya have once again shown us the damage that ransomware can do. If you are the victim, there’s the expense of restoring your system, the loss of revenue through downtime, and the cost of reputational damage. Even worse is the impact of this on those who rely on you. These two ransomware packages have been responsible for power cuts, A&E closures, airport delays and even stopping radiation monitoring at Chernobyl.

Sooner or later, governments are going to demand that organisations which have not updated and patched software, or have not put stringent security measures in place, be held accountable for the loss, damage or injury that results. There will be new compliance regulations and injury lawyers will have a field day with negligence claims.

Hopefully, from reading this article, you can see the real threats that ransomware poses and will have a better understanding of how to safeguard against them.

If you are looking for highly secure hosting for your organisation, contact us on 0800 862 0380 and we will be happy to discuss how we can keep your system safe and help you stay compliant.
