What non-technical businesses need to know about the worldwide Nyetya Ransomware attack.
The cataclysmic nature of the latest string of ransomware attacks has caused unprecedented damage to organisations across the world. Unprecedented to non-IT personnel, that is: most networking specialists have stressed the dangers of ransomware for a long time, and it’s unfortunate that it has taken such a drastic and large-scale infiltration for institutions to take notice of the problem.
What is Nyetya?
The latest malware variant to spread like wildfire is Nyetya, otherwise known as GoldenEye, Pyetya or Petrwrap. Like WannaCry, Nyetya spreads across networks through a vulnerability in Microsoft Windows operating systems. Microsoft made a patch for the vulnerability available months ago; however, not every organisation applied it. Nyetya is a type of malware that infiltrates an organisation’s network and prevents users and administrators from accessing their data by putting a ‘lock’ on it. The attackers then demand payment in bitcoins, which is an untraceable form of online currency, in return for releasing the information.
How did it spread?
Early reports suggested that the malware spread through email; however, Talos, a global online threat intelligence agency, believes that the source might have seeped through a software update for a Ukrainian tax accounting application used by government employees. Once activated, this ransomware variant demands that $300 worth of Bitcoins be paid to release the information on the affected devices.
What kind of businesses are affected?
In short, all kinds of businesses have been affected. Cyberattacks don’t discriminate between different types of businesses or organisations, and because the internet connects everyone and everything, it unfortunately isn’t possible to trace out the paths of infection or attack in advance. Ultimately, ransomware infiltrates networks based on unpatched vulnerabilities, not on whether a cybercriminal thinks you have the money or are likely to pay the ransom. This makes these attacks even more dangerous to organisations, particularly public sector and non-profit organisations that may previously have considered themselves safer from attack given their non-commercial operating model.
The Nyetya attack occurred mainly across Europe and the US, affecting companies and organisations in the Marketing/Advertising, Construction, Manufacturing, Logistics and Healthcare sectors. Unlike WannaCry, Nyetya isn’t designed to spread as quickly and aggressively, which is why there are fewer infected networks in these rounds of attacks. However, given how profitable ransomware is for hackers, we can be certain that this isn’t the last time a widespread malware attack affects the world on a large scale.
So, if you are safe today, ask yourself what the impact and the cost to you would be if you lost all your data in your business role. Now ask yourself what the additional cost and impact would be if everyone in your business lost their data, including the ability to use their IT devices. This can help you and your business prioritise improvements to existing processes, and possibly investment in complementary data security methods and services, to avoid becoming a victim of ransomware attacks in the future.
1) If you haven’t already, apply the MS17-010 patch immediately. We strongly suggest you patch the vulnerability first and foremost given the severity of the exploit. It could be harmful to your network and your organisation to leave this vulnerability untouched, when the threat is moderately high.
2) Deploy an Anti-Malware solution across your network and end-point devices that can identify, apprehend and block malicious payloads.
3) Disaster Recovery: Back up your data to your offline storage devices. Hackers and cyber criminals will try to stop targets from avoiding the ransom, so they will try to compromise any backup devices that could retrieve the target’s data without the ransom being paid.
Don’t know where to start and need some help securing your network? You can get in touch with me for a chat about ransomware defence strategies on 01332 821100.