
Businesses need to know why ransomware keeps on happening


Published in: Software

One month after the WannaCry ransomware ravaged over three million computers around the world, a new variant of the Petya ransomware seems to be spreading even faster since Tuesday afternoon. This new malicious software has infected more than 2,000 businesses worldwide in less than 24 hours and the list of victims continues to grow at an alarming rate.

STRATEGIC ENTERPRISES ARE THE MAIN TARGET

If WannaCry was aiming in the dark when it came to choosing its victims, Petya has a clear preference for public administrations and infrastructures. The first signs of a serious infection appeared in Ukraine, where it forced the Chernobyl nuclear plant to shift to manual controls. Over one hundred strategic enterprises were also paralysed: the country's main energy providers, airports and administration, banking services and even its ATMs. A few hours later, the Russian Central Bank, as well as one of the largest oil producers in the world, the Rosneft group, joined the list of victims. In Europe and in the US, numerous multinationals had to deal with Petya, such as the pharmaceutical giant Merck, the advertising specialist WPP, Denmark's leading maritime carrier Maersk and the biggest law firm in the world, DLA Piper.

ANOTHER RANSOMWARE OR JUST HISTORY REPEATING

Dubbed Petrwrap, GoldenEye or Nyetya, the Petya ransomware was discovered for the first time in May 2015. Today, we are facing a new variant of the initial malware. Some experts have even gone as far as declaring it a whole new virus, hence the nickname NotPetya.

Petya or NotPetya, there's nothing new about the way it functions. Once the ransomware is present on a machine, it forces a reboot within the next few minutes. It then starts encrypting .doc (Word), .ppt (PowerPoint), .xls (Excel), .pdf, .rar and .zip files. At the end, a message is displayed on the screen and the dreaded ransom note appears. It's either 300 dollars in exchange for the encryption key or nothing.

It's only by taking a closer look at the way Petya infiltrates systems that we realize where the success of this ransomware actually comes from. Originally, the virus was launched with the help of a compromised update of a Ukrainian accounting programme (MeDoc), which would explain why the country took the hardest blow. In parallel, according to a CERT alert, Petya spread in various other countries via phishing campaigns (emails carrying malicious attachments).
WHAT IS LEFT TO BE DONE

The news makes you wonder if people learned anything at all from the WannaCry incident. For those unfortunate enough to have been infected, here's what you need to do right away: unplug your machine from the network in order to prevent any additional damage to other connected devices. Once you receive the ransom note, do not, we repeat, do not pay it. There's absolutely no guarantee that the cybercriminals behind it will keep their word. On top of that, you would actually be financing their activity further. Although this is the expert consensus, over 6,000 dollars had already been deposited yesterday in the Petya bitcoin account.

If you are among the lucky ones and have not yet been infected, we advise you to quickly download the MS17-010 Microsoft Windows update. You may also limit your exposure to the SMB service or check out our solutions designed to prevent this type of cyber-attack. If you've already done your homework (be it before or after the WannaCry affair, it's behind us now), you might want to avoid opening any suspicious attachment received via email for a while.

WHY DOES THIS KEEP ON HAPPENING?

Today's conclusions on the current state of cybersecurity are quite grim. That being said, no single party is solely responsible in this story.

Guilty party no. 1: cybercriminals. If WannaCry and Petya were possible, it's only because a certain hacking group, the Shadow Brokers, decided to release a very dangerous 0-day vulnerability.

Guilty party no. 2: the NSA. With great hacking weapons comes great responsibility.

Guilty party no. 3: companies. If you are tempted to quickly blame Microsoft for its faulty system, don't. The company immediately released a patch; the only problem was that users needed to manually prompt it. Many users today still feel cybersecurity is an issue that doesn't directly concern them.

That being the case, our experts aspire to continuously monitor state-of-the-art advancements in the area of cybersecurity and therefore act as ambassadors in the pursuit of user awareness. For more tips on how to acquire an effective cyber-routine and no longer be on the guilty side, you can check out our previous article here: 'Targeting the Human behind the Machine'. Link:
