Two large-scale and devastating ransomware attacks in recent months, NotPetya and WannaCry, have wreaked havoc around the world.
By Simon Campbell-Young, CEO of Intact Software
WannaCry came first, causing chaos for the UK’s NHS, and infecting over 200 000 computers around the world. Then, at the end of June, NotPetya struck, affecting Ukrainian industrial targets, advertising business WPP, shipping giant Maersk, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft.
What these attacks clearly illustrate is that ransomware is no longer a nuisance malware that affects individuals. Organisations of every type and size are now a key target for this scourge.
Clearly, it is potentially far more lucrative to hold businesses to ransom for thousands, or even hundreds of thousands of Rand, than to target individuals for a few hundred. Companies need to take this threat seriously because losing their business data could be catastrophic, even causing them to close their doors.
Moreover, organisations need to come up with new ways to fight this threat. Paying up is simply not a good strategy, nor a sensible option. Paying the ransom will only encourage further attacks of this nature, and even when the ransom is paid, there is no guarantee that the business will get its data back.
NotPetya was a prime example of this, as the “payment” page was quickly taken down, leaving no avenue for the ransom to be paid, and experts suggest that the threat actors behind NotPetya are unable to decrypt the information in any case.
Companies also need to understand that they are a target. Thinking that your organisation isn’t big or high profile enough, or doesn’t have any really valuable data, is foolish.
Even though these attacks might be targeted, they spread like wildfire, making everyone a potential victim. Even security-savvy businesses that know not to click on attachments in unusual mails or on random links can fall foul of them, due to the worm-like capabilities that cyber criminals are employing to create maximum infection.
Another lesson businesses need to learn is to back up, and back up, and back up. Once your data is gone, it could be gone for good.
Take the time to identify your most valuable information assets, and focus security efforts there first. Make sure you know where your data is stored, and what happens to it in transit when you use a cloud provider. Don’t have any information you can’t afford to lose residing on a single computer, as the machine could become infected, and you could lose everything.
Also understand that updating software and patching is essential. WannaCry used an exploit called EternalBlue developed by the NSA and leaked by a group called Shadow Brokers.
NotPetya spread using the same vulnerabilities that were exploited by WannaCry, but combined them with worm-like behaviours, and it infected even patched machines. Although patching systems is an onerous process, and not always a guarantee of security, it will save a lot of hassle in the long run.
Remember that NotPetya is unlikely to be the last threat of its kind we’re going to see, and the one that comes after it will be more cunning and complex, cleverly fixing the issues the last version had, just as NotPetya did following WannaCry. Software will continue to be flawed, and there will always be hundreds of cyber crooks waiting for opportunities to exploit those flaws, and make some cash in the process. Err on the side of caution.