A new ransomware attack has affected numerous companies in Europe and the U.S., and has caused disruption especially in the public sector in Ukraine. The new ransomware strain uses code from the Petya family of ransomware, with a twist. Security firm Talos has identified the new strain as “Nyetya”, as it has distinct functionality from Petya. Initially, security researchers referred to this new strain as Petrwrap or GoldenEye.
The new strain of Petya has two layers of encryption: one that individually encrypts target files on the computer and another one that encrypts NTFS structures. As a result, infected computers won’t boot up. Instead, they will load a notice of infection and instructions on how to pay the $300 ransom with bitcoin. Security company Bitdefender reported it blocked attacks for its clients on Tuesday.
Some security experts reported this attack is linked to the recent WannaCry attacks. The WannaCry ransomware strain affected over 300,000 computers and caused major disruptions in the United Kingdom’s healthcare system, before a researcher found a kill switch.
Fool me once…
Nyetya uses the same security flaw that the WannaCry attack exploited a few weeks ago in a massive cyberattack. However, unlike the Petya and WannaCry strains, there is currently no kill switch.
One might wonder how it is possible that, just one month after the sinister WannaCry attack, a breach still happened. We would expect that in the aftermath of WannaCry, organizations made sure to patch their systems and put defenses in place.
The Nyetya strain originated in an accounting firm in Ukraine, reports Tom’s Guide. It spread quickly and ended up affecting a number of key institutions. The Kiev metro system, Chernobyl’s radiation monitoring system, even Boryspil airport and the National Bank of Ukraine had problems loading up their computers. Other countries like Russia, Denmark, the UK and the U.S. were not spared.
While in some cases the issue might be pure negligence, companies might be vulnerable due to other reasons as well. We have discussed these before: budget constraints, lack of training or expert staff are some of them, especially in the public sector. Add to this complex legacy systems that often lack the ability to upgrade or are hard to patch, and you have a clear picture of why some organizations are still affected.
Safeguarding Against Ransomware
Organizations may not see the value of IT managed services until it is too late and data has been lost or a ransom has been paid. Cyberattacks have become so prevalent that it’s not a question of ‘if’, but ‘when’ one will happen. Some companies have even taken to stockpiling Bitcoin just in case they ever need to pay a ransom.
However, there’s no need to fuel the madness by giving in to ransom requests. It might help to know that even after the ransom is paid, criminals may not restore data access.
It doesn’t hurt to remind everyone in public and private organizations that there are other solutions. Here are a few steps they can take to prevent attacks, or recover safely after one:
- Use antivirus and safe security systems
- Educate and train end employees on safe web use
- Use a reliable backup software solution and test backups often
- Keep backups offsite, replicate data to the cloud
- Keep at least one backup on an isolated device on your network
Managed service providers can be the go-to experts that can safeguard against the ransomware threat and help with recovery after an incident. Solid backup and recovery solutions are the only real defence against ransomware. So make sure to keep a backup or two, to ensure quick data restore without paying the ransom.