Last week, less than a month after the WannaCry ransomware attack infected more than 250,000 computers in 150 countries, security experts announced revelations about a new attack, which originated in Ukraine and spread to Russia, Poland, Italy, Germany, France, Spain, and the United States, along with nearly 60 other countries.
This attack began with a specific target: 12,500 machines running older versions of Microsoft Windows and software owned by M.E.Doc, a tax-accounting company based in Ukraine. Several private companies, including the American pharmaceutical giant Merck, the Danish shipping company AP Moller-Maersk, the British advertising firm WPP, and TNT Express, a global subsidiary of FedEx, were subsequently struck with a message featuring red text on a black screen: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”
What made this attack significantly different from past ones, however, was that “waste of time” part: within hours, the hackers’ email address used to collect the Bitcoin payment required as ransom was shut down, eliminating their ability to communicate with victims and restore access to encrypted data. As many baffled security experts speculated, if the hackers launched their attack to make money, they failed spectacularly.
Instead, some theories now hold that the attack was disguised as ransomware but meant to permanently wipe as much data on as many hard drives as possible. Researchers at Kaspersky Lab speculated that it was a “wiper” attack that used the media frenzy surrounding ransomware as a ploy to drum up attention. Still, that attention is needed to stem the tide of ransomware, one of the most tried and true vehicles for cyber-attack.
Ransomware relies on locking victims out of their own files until they pay a certain amount for a decryption key. Security researchers estimate that cyber-criminals made more than $1 billion via ransomware attacks last year, with targets ranging from Fortune 500 corporations to independently owned small businesses and even private individuals. But the WannaCry attack and this most recent one, alternately identified as Petya, NotPetya, ExPetr, and GoldenEye, took in only $100,000 combined.
Both spread by combining traditional ransomware assaults with an operating system vulnerability left open when software updates for Microsoft Windows were not installed. That allowed the attacks to grow quickly, exploiting a lone unprotected machine to then infect devices across any connected network. WannaCry’s global spread was stymied by a rogue security expert who registered a domain name for $10 and halted the attack in its tracks. Last week, a German email provider shut down the address associated with ransom payments, stopping the so-called Petya assault within a day.
Whether ransomware is intended to make money or just wreak havoc, stopping it is the number-one goal for businesses small and large. CMIT Solutions has extensive experience protecting its clients from such incidents, and our 24/7 monitoring and maintenance solutions sprang into action last Tuesday to immediately deploy protections for any clients at risk of infection. Here’s what we suggest to keep your business safe:
Ensure that all software patches and security updates are properly deployed.
WannaCry and Petya both took advantage of a publicly acknowledged vulnerability in older versions of Microsoft Windows. Any business with a trusted IT partner by its side would have had that patch deployed earlier this spring. After WannaCry, extra precautions were taken, as well. But in Petya’s case, even one vulnerable system could have taken down any protected ones that were connected on the same network, which is why comprehensive security is so critical.
Never click any link or download any attachment in a suspicious email.
Although the two most recent global ransomware attacks were not spread via the standard phishing email method, all it takes is one errant click on one illicit link or malicious file to put an entire business’ computers at risk. Training your employees to quickly identify and avoid suspicious emails is a baseline for online security.
Always back up your data.
Creating regular, redundant, and remote backups of your critical business data is one of the most important security measures you can take for continued success. While free solutions exist on the open market that may indicate they’re backing up your entire computer, reliable data backup performed on a regular basis by a trusted IT provider is the safest way to prevent any ransomware attack, virus infection, or data breach from knocking your business out of commission. Oh, and make sure your backup retrieval procedures are well vetted and regularly tested: if your data is lost, you want to be able to quickly restore it in the event of a cyber-attack or natural disaster.
At CMIT Solutions, we go the extra mile to protect the data, devices, and digital identities of our clients. While ransomware evolves and hackers devise new tricks to avoid standard anti-virus programs and firewalls, our 800 staff members located across North America work day and night to deploy new protections and devise new strategies for IT success. If you want a trusted partner to worry about your technology so you don’t have to, contact CMIT Solutions today.