Update, Update, Update.
Yet another “ransomware” is running rampant in Europe (primarily Ukraine), and it can be avoided with Windows updates; that’s it. Petya-Mischa/notPetya/Nyetya, or whatever they are calling it now, is based on the same exploit WannaCry/WannaCrypt took advantage of: EternalBlue. This time the attack is more potent: instead of encrypting specific files, it encrypts your MFT (Master File Table). Basically, it renders your operating system useless, and the ransom is in bitcoin (about $300). According to this Forbes.com article, as of June 27, 2017 only 22 payments had been made. The really bad news here is that the email account linked to the ransomware has been shut down, and there is no way of getting your files back apart from a restore. If you do not have backups of your data, it is gone; paying sounds like a waste of money to me.
Unless you have been living under a rock, you can see that the frequency and severity of cyber threats are on the rise. Fortunately, both of the recent high-profile attacks were easily avoidable with proper patching and updating, and hopefully businesses worldwide will start taking their cyber security more seriously. It is sad that plenty of money will be paid in ransom for nothing because businesses refused to act when they saw the effects of their negligence less than a month ago.
Backup, Backup, Backup.
“If you didn’t make 3 copies, you didn’t really want your data”
It’s an industry idiom IT professionals toss around, but it holds more weight than ever. A good backup, disaster, and recovery (BDR) plan is the foundation of a holistic security approach; the ability to recover from a recent backup is the only way to be safe. Without a comprehensive BDR solution, you are playing roulette with your company data every single day. In the modern cyber threat landscape, it is not a matter of if you will be hit with a cyber attack, but when.
A week after this massive attack, the opinions are in, and experts are saying this was a coordinated attack, not just some amateurs looking for money. A Malwarebytes Labs blog post outlines an analysis comparing the Petya code released in previous attacks with the June 27 release. The article states that “The edits made in the code are well crafted – the person doing them was fluent in assembly and knew exactly what to change and why.” Their intent was malicious. Please ask your “IT guy” what you are doing for updates on your machines. Updating is the simplest way to stay a step ahead, but updates are the bare minimum; backups provide a broader safety net.
Stay safe, happy computing.