In the wake of this latest global ‘Petya’ ransomware attack, we’ve seen organisations across the world yet again hit by major system disruptions.
Experts say the problems were first picked up in the Ukraine, after staff at Kiev airport noticed issues, and the Microsoft systems used to check radiation levels near Chernobyl failed. But the problems have since affected businesses globally. Christiaan Beek, a lead scientist and principal engineer at McAfee, said: “energy companies, the power grid, bus stations, gas stations, the airport, and banks are being targeted.”
The security researcher added that he believes Petya has been designed for “speed, and is spreading around like crazy”.
According to computer scientist Professor Alan Woodward, the malware is taking advantage of the same weaknesses used by the WannaCry attack last month. This malware continues to be put up for sale on many forums, costing as little as £22.
Security specialist Andrei Barysevich said that since cyber-thieves can gain a lot of money from these attacks, it’s unlikely they will stop any time soon:
“A South Korean hosting firm just paid $1m to get their data back and that’s a huge incentive.”
Experts suggest that the malware seemed to be spreading through the same Windows code loopholes that were also exploited by WannaCry. Many firms did not even get round to patching those holes because WannaCry was tackled so quickly.
Although, according to the BBC, it is bigger industrial organisations that have been hit the hardest this time, companies are certainly at risk when it comes to ransomware attacks.
WHAT’S BEING DONE TO PROTECT US?
Many major antivirus companies now claim that their software has been updated to actively detect and protect against these ‘Petya’ infections: according to the vendors’ own claims, the latest Symantec and Kaspersky products should do so.
But in general, far greater precautions need to be taken by individual businesses and organisations to prevent future attacks.
Experts in the security arena generally advise keeping staff clued up on the latest advice. Keep up training and never let standards slip when it comes to security protocol – humans are always the weakest link.
Here’s what businesses need to remember:
1. Download at least two anti-virus programmes for added protection – set these up to run regular scans of your system and emails. It’s best to have a multi-faceted security solution that also employs additional protective technologies such as heuristics and firewalls.
2. Train staff to spot dodgy emails with attached files and warn them not to open anything without confirming they know the sender.
3. Make sure all apps on your company system are up to date.
4. Have a robust backup strategy, including off-site storage and testing of images and data.
5. Educate staff on what ransomware is and how it can be stopped – do this by establishing security awareness campaigns to reduce the high success rates of phishing campaigns.
6. Patch commonly exploited third-party software such as Java, Flash, and Adobe.
7. Restrict administrative rights on endpoints; reducing privileges will reduce the attack surface significantly.
8. Use a password manager like LastPass that automates the generation of complex passwords and stores them so memorization is no longer an issue.
9. Use two-factor authentication. A hacker may steal your passwords, but it’s nearly impossible to steal those and your smartphone at the same time.
10. Use penetration testing to validate vulnerability and patch management activity.
Follow these relatively simple steps, and it should be easy to keep your company safe.
Author Rich Watts