Avatar photo

Contributor

Author Bio ▼

Adam Bannister is a contributor to IFSEC Global, having been in the role of Editor from 2014 through to November 2019. Adam also had stints as a journalist at cybersecurity publication, The Daily Swig, and as Managing Editor at Dynamis Online Media Group.
July 3, 2017

Sign up to free email newsletters

Download

Whitepaper: Multi-residential access management – The move to digital

Petya/GoldenEye: Cybersecurity experts respond to ransomware attack

The latest ransomware virus to sweep the globe started in Ukraine after users there downloaded a popular tax accounting package or visited a local news site, according to Ukrainian police and cyber experts.

Called GoldenEye or Petya, the virus has affected thousands of computers, disrupting organisations in a wide range of sectors, from shipping to manufacturing.

US shipping company FedEx, Danish shipping giant AP Moller-Maersk and Russian oil giant Rosneft are among those hit by the attack.

The malicious code locks machines and demands that victims pay a ransom of $300 in bitcoins or lose their data.

The hackers’ motives are still unclear, with some experts speculating that, given the modest sums demanded, a motive other than financial gain might be driving them.

A number of cybersecurity experts offered their analyses to IFSEC Global, which you can read below.


Eldon Sprickerhoff, founder and chief security strategist, eSentire

Attacks are becoming more widespread, are moving faster, and are harder to kill

The eSentire threat intelligence team has confirmed one variant associated with this attack, however broadly there are more than 50 different flavours of ransomware variants in the wild. Of those flavours, behaviors prompt the rapid deletion of files and exfiltration of data.

Recently we’ve tracked a new variant which works to lock down passwords before encryption, making backup restoration particularly tricky. This attack amplifies the rapid evolution of ransomware; attacks are becoming more widespread, are moving faster, and are harder to kill.

While this attack is hitting Europe harder than other countries (at the moment), it is moving quickly and businesses worldwide should treat this as the warning siren. Take this as an opportunity to ensure that offline backups and system patches are up-to-date, and tested.


 Dr Jamie Graves, CEO, ZoneFox

It’s not just computer systems shutting down; it’s energy grids losing power, ships stopping in their tracks and people not being able to access their money

This is further confirmation that we now live in a world where nation-state sponsored cyber-attacks are becoming as routine as ‘real-world’ incidents.

This latest attack reminds us of two crucial facts regarding the current state of cyber security: that attackers now have access – regardless of whether they are state-sponsored or independent – to military-grade cyber weaponry, hence the fact that the attacks are so successful.

Secondly, that digital data is directly linked to physical assets; it’s not just computer systems shutting down, it’s energy grids losing power, ships stopping in their tracks and people not being able to access their money.

Despite the headlines it will create, especially in the wake of the recent WannaCry incident, this is old news. The origin of this attack looks to be a phishing email that delivers a rebranded piece of ransomware, with the only addition being the NSA EnternalBlue exploits that WannaCry used.

If you don’t have adequate security in place and a seriously security-conscious culture, you’re going to get a free penetration test to show just how vulnerable your organisation really is.


Marty P Kamden, CMO, NordVPN

One way to protect yourself is to disrupt a system before it boots, as the ransomware runs on boot

The latest ransomware assault seems to be particularly dangerous. One of the best protection mechanisms are patches, but they might not always work with this new version of Petya.

Another way to protect yourself is to disrupt a system before it boots, as the ransomware runs on boot. After the device gets infected with a ransomware, it will wait for about an hour until reboot.

Reboot is required for a malware to encrypt the system, so in certain cases, if the device gets terminated in the encryption process, it gets disrupted and information can be saved.

Generally, system administrators are still not well-prepared to protect their networks, and these attacks will only keep getting worse.


Matt Kingswood, UK head, IT Specialists

The best way to prepare for an attack is to back up data regularly to the cloud

The news story on the new variant of the Petya ransomware – dubbed PetrWrap –  exposes just how complex and well evolved cyber threats have become.

Researchers from Kaspersky have documented that “the group behind PetrWrap created a special module that patches the original Petya ransomware ‘on the fly’”.

While Kaspersky has a signature for this ransomware already, other AV providers are sure to follow soon.

Although there are a range of best practices to reduce the risk of a ransomware infection (such as installing an antivirus scanner, utilising intrusion detection services, applying updates as soon as possible and avoiding unsolicited email attachments), there is no failsafe method for preventing ransomware.

The best way to prepare for an attack is to back up data regularly to the cloud. Secure cloud-to-cloud backup solutions create another, encrypted version of your data and maintain prior versions ‒ in the case of a ransomware attack, the versions before the attack. And, of course, this second copy has the added benefit of preventing data loss via accidental deletion.

 

Listen to the IFSEC Insider podcast!

Each month, the IFSEC Insider (formerly IFSEC Global) Security in Focus podcast brings you conversations with leading figures in the physical security industry. Covering everything from risk management principles and building a security culture, to the key trends ahead in tech and initiatives on diversity and inclusivity, the podcast keeps security professionals up to date with the latest hot topics in the sector.

Available online, and on Spotify, Apple Podcasts and Google Podcasts, tune in for an easy way to remain up to date on the issues affecting your role.

IFSECInsiderPodcastLogo

Related Topics

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments
Topics: