Latest in String of Ransomware Attacks
Heather: Ryan, let’s talk now about that ransomware attack. What do we know about where it originated and just who might be behind it?
Ryan: Well, you know, we just got the internet cleaned up, you guys, and this is why we can’t have nice things. So WannaCry was just a few weeks ago, and now a new virus is out called Petra or Petya. And here is the weird thing again. It’s being rumored this is part of the Shadow Broker dump that happened on WikiLeaks back in April. And this was the tools that the NSA was supposedly developing and using, and this is taking advantage of a particular protocol in Windows, the code name External Blue, that would essentially propagate networks very quickly and go behind firewalls. And most often this virus is getting in through… somebody is clicking on a link within a corporate network or downloading an email. And then once that one computer gets infected, it quickly spreads throughout the rest of the network, turns them into gobbledygook, basically, it just encrypts all of the hard drives and then demands a ransom. However, here’s, kind of, the interesting thing about it is there’s a Twitter account that is tracking all of the payments that are going to the Bitcoin account. As of about two o’clock today, there were only about 29 payments. So, it’s only $7500 total collected globally for this attack. So, it doesn’t seem to be super effective but it could be, kind of, harrowing that maybe we’re not paying up when these ransomware guys are attacking.
Heather: Yeah, and, perhaps, this could lead to something else but more malicious, if you will. All right, Ryan. Always appreciate chatting with you. Thank you so much.
Ryan: You’re welcome.
Early on June 27th, 2017, people around the world woke up to find their computers under siege.
The latest in an ever-growing sequence of cyber attacks, “Petya” (some news outlets are calling this variant “NotPetya”) is the second ransomware attack in just a few months.
What is a ransomware attack?
Ransomware is a type of malware that blocks access to files stored on a computer by encrypting its data and demands money from the user to “purchase” the decryption key to release that information.
In the US, the following companies have been affected by Petya:
- Pharmaceutical company Merck & Co
- Mondelez (the snack maker that owns Oreos and Cadbury)
- Hospitals in Pennsylvania’s Heritage Valley Health System
- Law firm DLA Piper
Petya is not new.
It’s using a known exploit called EternalBlue that was available for purchase on the dark web. The version unleashed yesterday is simply a modified form of what’s already been circulating widely.
Petya exploits the same vulnerabilities as its predecessor, WannaCry.
While moving slower than WannaCry, Petya has taken its toll worldwide.
It has affected banks, telecoms, Kiev International Airport, Chernobyl Nuclear Power Plant, and various other businesses (mainly in Ukraine, Russia, and Poland).
Why do hackers do these ransomware attacks?
The obvious answer is an easy monetary gain.
Hackers usually demand $300 from users to unlock their data.
To date, this latest strain of Petya appears to have netted only around $7,500 and Gizmodo reported that the email address associated with payments has been shut down.
WannaCry netted hackers roughly $150,000 since its release.
But security researchers are theorizing that the aim of Petya/NotPetya is more likely destructive – to spread chaos – than any true expectation of monetary windfall.
Some hackers get a kick from disrupting established institutions that people use every day such as banks, hospitals, and utility companies.
We’ll have to wait and watch events unfold to truly evaluate the damage Petya ends up causing between now and when a kill switch is identified.
Should you pay up?
Paying doesn’t guarantee you’ll get the ‘key’ to unlock your data.
McAfee Chief Scientist Raj Samani stated that only an “inconsequential” number of decryption keys were provided to victims who had actually paid up during WannaCry.
If you’ve been attacked, consider your data gone.
What do you need to know to protect yourself?
It’d be foolish to think ransomware attacks will go away.
If anything, the number of attacks has been increasing since 2016.
In April 2017, a collection of hacking tools was stolen from the NSA and released by the Shadow Brokers on WikiLeaks.
This has led to a surge of malware attacks being released.
In other words, expect more (not fewer) attacks.
Install Updates (Patches)
The first line of defense is to install all Operating System updates as they include all known patches to protect your system from known paths of exploit.
Then make sure that you’re running an updated anti-malware product (more on that in a minute).
But that’s not enough to keep you safe.
The latest ransomware is persistent, finding its way into patched machines by collecting passwords and credentials from an unpatched machine and using them to log into patched machines on a shared network.
Beef up your backup
The best defense is a thorough data backup plan.
This annuls any ransom demand for your data since you already have it stored elsewhere.
An automated cloud-based data backup solution with versioning is all you really need.
Versioning simply means that the software maintains several save points of your entire system, to which you can revert at any point.
If you get infected, you just need to install a save point prior to when the attack occurred.
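To show how versioning helps when you are not sure exactly when the infection happened, here is an added example (not code from this article or from any backup product) that walks a series of save points and picks the last one taken before files were mass-encrypted. The snapshot layout, file names, thresholds and the `fake_ciphertext` helper are assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter
from datetime import datetime

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_mass_encrypted(prev, cur, min_changed=0.5, min_entropy=7.0):
    """True when at least half of the previous files changed and at least
    80% of the changed files are high-entropy (thresholds are assumptions)."""
    changed = [p for p in cur if p in prev and cur[p] != prev[p]]
    if not prev or len(changed) / len(prev) < min_changed:
        return False
    scrambled = [p for p in changed if entropy(cur[p]) >= min_entropy]
    return len(scrambled) / len(changed) >= 0.8

def last_clean_restore_point(snapshots):
    """snapshots: [(timestamp, {path: bytes})], oldest first. Returns the
    timestamp of the save point just before the first mass-encrypted one,
    or the newest save point if none looks encrypted."""
    for (prev_ts, prev), (_, cur) in zip(snapshots, snapshots[1:]):
        if looks_mass_encrypted(prev, cur):
            return prev_ts
    return snapshots[-1][0] if snapshots else None

def fake_ciphertext(seed: bytes) -> bytes:
    """Deterministic stand-in for encrypted file contents (4 KiB)."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(128))

# Constructed sample data: three documents across four nightly save points.
clean = {"report.docx": b"Quarterly report draft\n" * 40,
         "budget.xlsx": b"item,cost\nlaptop,900\n" * 40,
         "notes.txt": b"call the vendor on Monday\n" * 40}
edited = dict(clean, **{"notes.txt": clean["notes.txt"] + b"done\n"})
locked = {path: fake_ciphertext(path.encode()) for path in clean}
SNAPSHOTS = [(datetime(2017, 6, 25, 2, 0), clean),
             (datetime(2017, 6, 26, 2, 0), edited),   # normal edit, one file
             (datetime(2017, 6, 27, 2, 0), locked),   # every file scrambled
             (datetime(2017, 6, 28, 2, 0), locked)]

if __name__ == "__main__":
    print("Restore from:", last_clean_restore_point(SNAPSHOTS))
```

The later save points contain only encrypted copies, which is why a backup without versioning (one that keeps just the newest copy) would not help here.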
If that sounds too technical or like too much work, we can set it up for you.
No appointment needed!
Upgrade your Antivirus
Not all antivirus software is made equal.
Many antivirus programs work retrospectively and identify malware by looking at file name and type on your computer. This means that they only look for existing infections.
We prefer Webroot Antivirus instead.
It incorporates dynamic threat protection and identifies malware by its actions. With it, you can block threats in real-time that other antiviruses don’t even know exist yet.
Nerds on Call offers an exclusive monitored Webroot solution.
Monitored means that our technicians actively monitor your system’s antivirus. They’ll keep it up to date and respond to alerts that threaten to take your system down.
Ransomware attacks are scary.
All you can do is prepare yourself and reduce the risk of becoming a victim.
Still not convinced about the dangers of ransomware? Don’t take our word for it.
Here are some scary ransomware stats worth considering: