Global cyberattack: What you need to know
Another major cyberattack, known as Petya/NotPetya and believed to have first struck Ukraine, caused havoc around the world yesterday, crippling computers or halting operations on a global scale. The rapidly spreading computer worm appears to have borrowed key features from last month’s ransomware attack, “WannaCry,” but differs from it in serious ways that make it far more dangerous. Here’s what you need to know:
What does it do?
- The ransomware infects computers and locks down their hard drives. It demands a $300 ransom in the anonymous digital currency Bitcoin.
- The email account associated with the ransomware has been blocked, so even if victims pay, they won’t get their files back.
Am I vulnerable?
- Regular consumers who have up-to-date Windows computers are safe from this attack, experts say. However, if there is one out-of-date machine on a company’s network, it could infect other connected computers.
How is this different from WannaCry?
- Like WannaCry, the new ransomware attack uses the EternalBlue tool to spread. But researchers say it also uses other parts of Windows to infect computers, including seizing user credentials.
- Unlike WannaCry, it locks down a computer’s entire hard drive instead of just the files. In addition, this attack focuses on spreading inside company networks instead of across the internet.
What can you do to protect your business from a ransomware attack?
- Make sure ALL of the servers and computers on your network are up-to-date – Unlike your personal PCs that patch themselves automatically these days, managing the health of your business network can be complicated. It’s crucial to have a management system in place that can oversee and implement critical updates across your network. If you are not certain that all of your computers are fully patched, then you should immediately deploy a tool set that allows you to have that visibility.
- Back up your network – Regardless of your company’s size, employing a business-class backup service with off-site storage provides business continuity and full data recovery in the case of a ransomware attack, physical disaster, or any malicious attack on your organization.
- Store business critical files on file share servers (and back up those servers) – Maintaining internal control of your business critical data allows you to focus your backup efforts and your IT budget on protecting your company’s most important systems. Users who store important company documents on their local workstations run a high risk of losing those files to theft, ransomware, or technical failure.
- Train your employees – Phishing emails are still one of the most prolific methods for these viruses to spread. Educating your employees to pause before clicking an attachment is CRUCIAL. A reminder from last month’s email on the WannaCry virus:
NEVER open an attachment unless you know what it is and who sent it. If you have any doubts, contact the sender by telephone to ask if they sent it. It would be better to delete a legitimate message and need to have it sent again, than to open a malicious attachment and suffer the consequences of having your computer infected with a virus. Do NOT reply to the original message or send a new message to the sender’s e-mail address. The e-mail account may be hijacked, and the attacker may reply to your email instead of the actual account owner.
These ransomware attacks are an unfortunate reality in today’s business environment and it’s not just the Fortune 100 and 500 who are being targeted. Studies show that 50% of all ransomware attacks are perpetrated on small to medium businesses. Whatever your size, whatever your industry, ransomware is a very real threat.
Stay safe out there,
Steve Waters
CISO