Defrag This

| Read. Reflect. Reboot.

The Return of the Ransomware Attacks

Kevin Conklin | June 27 2017

| security

Once again, mass reports are circulating of a ransomware attack sweeping across the globe.

The malware is believed to be a variant of Petya. Affected users are confronted with a screen stating that all of their data is encrypted and can be unlocked with a key that can be purchased for a ransom. The most recent victims seem to include pharmaceuticals company Merck, the law firm DLA Piper, Spanish food giant Mondelez and Danish shipping concern Maersk.


Two early forensic points seem worth noting. First, the attack appears to exploit the same Microsoft vulnerabilities as the WannaCry software did in May. This wave is explicitly targeting organizations that may have found it more difficult to upgrade all of their systems because those systems need to stay online for business reasons. Additionally, as is the case with most sophisticated attacks, the signature of the Petya variant is not recognized by most anti-virus updates.

What Lessons Can Be Learned?

There are several, but let's touch on a few key takeaways.

It has long been known that relying solely on anti-virus or other signature detection approaches to protect against malware is risky. Today's cyber criminals are nothing if not sophisticated. They have the same anti-virus updates as you do and can easily alter the signature of their variants to remain undetected. Anti-virus is no defense against a dedicated attacker that has your data in their sights.

Keeping systems up to date with security patches is a must. As can be seen in both the WannaCry attacks in May and this week's Petya, some companies weighed the cost of downtime against the risk of a ransomware attack - and lost. Again, we aren't dealing with some overaged juvenile with social issues and uber-nerdy hacking skills here. Today's attacks are being brought to us by well-funded cybercriminals who strategically plan the most effective attacks that will yield the best return on investment. They know who is likely to be vulnerable. So if you fit the profile (reliance on data, too busy to upgrade your systems), you will be a prime target.

Cyber security awareness training is critical. Studies across a number of industries point to the fact that the majority of attacks succeed because of intended or unintended insider actions. Phishing schemes and social engineering top the list. If you haven't started training employees on how to recognize suspicious emails and social content, you are severely behind the curve.


Make sure your business partners take your security as seriously as you do. A common attack vector is through one of your suppliers, outsourcers or other types of business partner with access to your trusted networks. Make it a condition of doing business that you regularly audit their security practices and that they undertake employee cyber awareness training.

The importance of data sharing in today's economy likely means that your organization routinely exchanges data with external partners. These transmissions should be encrypted and checked with anti-virus, and access should be restricted with multi-factor authentication.

Too many companies have focused solely on perimeter and end-point defenses only to be attacked through the data transfer tools they use in everyday business. Access to an FTP platform is like finding a pot of gold to a cyber criminal. It offers clear command and control to carry out their attacks from within your networks. Make sure you are using the most secure and compliant means of data sharing available, such as a Secure Managed File Transfer system.


Ransomware Update

As is typical, within 24 hours of the first posting of this blog, new information has emerged from forensic analysis of the attack. Examination of the code suggests variations from Petya significant enough that analysts are referring to the malware as NotPetya or Petnya.

Some of these variations also suggest that the motivation was not financial, as the attacker used an extremely inept payment mechanism. The ransomware demanded payment to a single email address, which was quickly blocked by the attacker. Thus the payment could never be made.

Analysts now believe the attack was likely state-sponsored and aimed at the Ukraine government. The attack first surfaced in the Ukraine, using the software distribution mechanism for an accounting application used by firms doing business with the government.

In any event, the above cyber security precautions are still applicable.
