Meet the sequel to WannaCry, the wide-ranging ransomware attack that crippled businesses around the globe last month. A wave of ransomware attacks spread like wildfire on Tuesday. Many Microsoft Windows-based computers—specifically, ones not protected against a vulnerability in a Microsoft messaging protocol called SMB-1—began seizing up worldwide, locking employees out of their desktops, and displaying ransom notes.
This week's strain is known as Petya or Petrwrap, a highly sophisticated Russian strain that lacks the errors WannaCry contained and has no kill-switch. According to a tweet from the anti-virus company Avira, the Petya attacks were taking advantage of the same previously leaked EternalBlue exploit.
Unlike most ransomware, the new GoldenEye variant has two layers of encryption: one that individually encrypts target files on the computer and another that encrypts NTFS structures. This approach prevents victims' computers from being booted into a live OS environment to retrieve stored information or samples.
EternalBlue is the same exploit used in the WannaCry attacks; it takes advantage of a vulnerability in the SMB data-transfer protocol, which Microsoft patched back in March. Whether customers have applied that patch, however, is another matter.
Security researchers from Kaspersky Lab reported that the ransomware hit Russia, Ukraine, Spain and France, among other countries. Several people on Twitter reported witnessing or hearing reports of the outbreak in their respective countries, across a wide range of industries. Companies around the world also reported computer outages.
How to stay safe against these kinds of attacks:
- Keep computers and servers up to date -- newer versions of Windows and other software ensure your network is better protected
- Consistently and continuously patch and update -- Microsoft and other software vendors typically push out updates monthly
- Remove administrator privileges -- this best practice stops 95% of malicious software from running
- Protect your network in layers -- a multi-layer security approach can stop these issues at several points. Spam filtering can block malicious emails, firewalls can block malicious links, DNS filters can block traffic to malicious domains, and anti-virus software can block malicious programs.
- Backups, backups, backups -- not all backups are created equal. You need a proper backup and disaster recovery system that allows you to recover files from less than one hour ago.
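The SMB-1 vulnerability that EternalBlue abuses only matters on hosts that still have SMBv1 switched on, so a quick way to act on the "keep up to date" and "patch" points above is to audit that setting. The script below is an added example written for this post, not code from the original article or from any vendor; it assumes Windows 8.1 / Server 2012 R2 or later (the SmbShare module and DISM optional-feature cmdlets) and an elevated PowerShell session.

```powershell
# Added audit/hardening snippet (not from the original post): reports whether the
# SMBv1 server protocol is still enabled on this Windows host and, when run with
# -Remediate, turns it off. Assumes Windows 8.1 / Server 2012 R2 or later and an
# elevated PowerShell session.
[CmdletBinding()]
param(
    [switch]$Remediate
)

function Get-Smb1Status {
    # Two independent views: the LanmanServer setting and the SMB1 optional feature.
    $server  = Get-SmbServerConfiguration
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Smb1ServerEnabled = [bool]$server.EnableSMB1Protocol
        Smb1FeatureState  = if ($feature) { [string]$feature.State } else { 'NotPresent' }
        Smb2Enabled       = [bool]$server.EnableSMB2Protocol
    }
}

$status = Get-Smb1Status
$status | Format-List

if ($status.Smb1ServerEnabled -or $status.Smb1FeatureState -eq 'Enabled') {
    Write-Warning "SMBv1 is enabled: without the March SMB patch this host is exposed to EternalBlue-style attacks."
    if ($Remediate) {
        # Stop the server from negotiating SMBv1 first, so existing clients fall back to SMB2/3...
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # ...then remove the optional feature so a stray config change cannot re-enable it.
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        Write-Host "SMBv1 disabled; reboot to complete removal of the optional feature."
    }
} else {
    Write-Host "SMBv1 is not enabled on this host."
}
```

Disabling SMBv1 removes the protocol EternalBlue targets but is not a substitute for installing the patch itself; keep both on the checklist.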
While we were well prepared and kept our clients safe in this latest event, technology is never perfect. Your technology provider can implement a multitude of protections, but they cannot protect against everything, which is what makes end-user education, caution and diligence so important.
Find out why you should trust us to protect your business or organization from attacks like this.