Petya/GoldenEye: Cybersecurity experts respond to ransomware attack
The latest ransomware virus to sweep the globe started in Ukraine after users there downloaded a popular tax accounting package or visited a local news site, according to Ukrainian police and cyber experts. Called GoldenEye or Petya, the virus has affected thousands of computers, disrupting organisations in a wide range of sectors, from shipping to manufacturing. US shipping company FedEx, Danish shipping giant AP Moller-Maersk and Russian oil giant Rosneft are among those hit by the attack.
The malicious code locks machines and demands that victims pay a ransom of $300 in bitcoins or lose their data. The hackers' motives are still unclear, with some experts speculating that, given the modest sums demanded, a motive other than financial gain might be driving them. A number of cybersecurity experts offered their analyses to IFSEC Global, which you can read below.

Eldon Sprickerhoff, founder and chief security strategist, eSentire

"Attacks are becoming more widespread, are moving faster, and are harder to kill"

The eSentire threat intelligence team has confirmed one variant associated with this attack, however broadly there are more than 50 different flavours of ransomware variants in the wild. Of those flavours, behaviors prompt the rapid deletion of files and exfiltration of data. Recently we've tracked a new variant which works to lock down passwords before encryption, making backup restoration particularly tricky.

This attack amplifies the rapid evolution of ransomware; attacks are becoming more widespread, are moving faster, and are harder to kill. While this attack is hitting Europe harder than other countries (at the moment), it is moving quickly and businesses worldwide should treat this as the warning siren. Take this as an opportunity to ensure that offline backups and system patches are up-to-date, and tested.
Dr Jamie Graves, CEO, ZoneFox

"It's not just computer systems shutting down; it's energy grids losing power, ships stopping in their tracks and people not being able to access their money"

This is further confirmation that we now live in a world where nation-state sponsored cyber-attacks are becoming as routine as real-world incidents. This latest attack reminds us of two crucial facts regarding the current state of cyber security: that attackers now have access, regardless of whether they are state-sponsored or independent, to military-grade cyber weaponry, hence the fact that the attacks are so successful. Secondly, that digital data is directly linked to physical assets; it's not just computer systems shutting down, it's energy grids losing power, ships stopping in their tracks and people not being able to access their money.

Despite the headlines it will create, especially in the wake of the recent WannaCry incident, this is old news. The origin of this attack looks to be a phishing email that delivers a rebranded piece of ransomware, with the only addition being the NSA EternalBlue exploits that WannaCry used. If you don't have adequate security in place and a seriously security-conscious culture, you're going to get a free penetration test to show just how vulnerable your organisation really is.

Marty P Kamden, CMO, NordVPN

"One way to protect yourself is to disrupt a system before it boots, as the ransomware runs on boot"

The latest ransomware assault seems to be particularly dangerous. One of the best protection mechanisms is patches, but they might not always work with this new version of Petya. Another way to protect yourself is to disrupt a system before it boots, as the ransomware runs on boot.
After the device gets infected with ransomware, it will wait for about an hour until reboot. Reboot is required for the malware to encrypt the system, so in certain cases, if the device gets terminated in the encryption process, it gets disrupted and information can be saved. Generally, system administrators are still not well-prepared to protect their networks, and these attacks will only keep getting worse.

Matt Kingswood, UK head, IT Specialists

"The best way to prepare for an attack is to back up data regularly to the cloud"

The news story on the new variant of the Petya ransomware dubbed PetrWrap exposes just how complex and well evolved cyber threats have become. Researchers from Kaspersky have documented that the group behind PetrWrap created a special module that patches the original Petya ransomware on the fly. While Kaspersky has a signature for this ransomware already, other AV providers are sure to follow soon.

Although there are a range of best practices to reduce the risk of a ransomware infection (such as installing an antivirus scanner, utilising intrusion detection services, applying updates as soon as possible and avoiding unsolicited email attachments), there is no failsafe method for preventing ransomware. The best way to prepare for an attack is to back up data regularly to the cloud. Secure cloud-to-cloud backup solutions create another, encrypted version of your data and maintain prior versions - in the case of a ransomware attack, the versions before the attack.
And, of course, this second copy has the added benefit of preventing data loss via accidental deletion.