For the second time in as many months, hackers have unleashed a massive ransomware attack targeting thousands of computer networks across the world.
The latest attack, nicknamed the GoldenEye strain of Petya ransomware, began on Monday, June 27 and continued to unfold into Tuesday, June 28, officials said. Investigators suspect it originated in Ukraine in an attempt to extort owners of affected systems into paying a ransom to release their crippled technology. The attack took advantage of a Windows PC’s ability to quickly spread corrupted files across a vast computer network, investigators said.
The latest ransomware attack comes just a month after another similar incident, nicknamed WannaCry, locked up more than 200,000 computers.
Petya is slightly different from the previous WannaCry attack in that it does not contain the kill switch functionality that helped prevent WannaCry from affecting more computer networks than it did, officials said. Instead, Petya spreads malware from system to system using the EternalBlue exploit, compromised credentials from previous infections, and administrative tools such as psexec and WMI. Therefore, a single unpatched system can cause multiple systems inside the same network to become compromised.
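The spread through psexec and WMI described above leaves traces that defenders can monitor. The following is an added example, not part of the original article or any vendor's product: it flags an account that triggers remote execution on several hosts within a short window. The normalized field names, the thresholds, and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # assumed correlation window
MIN_HOSTS = 3                    # assumed fan-out threshold

def is_remote_exec(ev):
    """True for the two remote-execution traces named in the article."""
    # PsExec registers a service (default name PSEXESVC) on the target:
    # System log event 7045, "A service was installed in the system".
    if ev["event_id"] == 7045 and ev.get("service_name", "").upper() == "PSEXESVC":
        return True
    # WMI remote process creation runs the command as a child of
    # WmiPrvSE.exe (Sysmon event 1, ParentImage field).
    parent = ev.get("parent_image", "").lower()
    return ev["event_id"] == 1 and parent.endswith("\\wmiprvse.exe")

def find_fanout(events, window=WINDOW, min_hosts=MIN_HOSTS):
    """Return {account: sorted hosts} where one account triggered remote
    execution on >= min_hosts distinct hosts inside a sliding window."""
    by_user = defaultdict(list)
    for ev in events:
        if is_remote_exec(ev):
            by_user[ev["user"]].append((datetime.fromisoformat(ev["time"]), ev["host"]))
    alerts = {}
    for user, hits in by_user.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            hosts = {h for _, h in hits[start:end + 1]}
            if len(hosts) >= min_hosts:
                alerts[user] = sorted(set(alerts.get(user, [])) | hosts)
    return alerts

# Constructed sample events (hosts, accounts and timestamps are made up).
WMI = "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"
SAMPLE = [
    {"time": "2024-01-15T10:00:05", "host": "WS-011", "event_id": 7045, "user": "CORP\\svc-admin", "service_name": "PSEXESVC"},
    {"time": "2024-01-15T10:01:40", "host": "WS-012", "event_id": 1, "user": "CORP\\svc-admin", "parent_image": WMI},
    {"time": "2024-01-15T10:02:00", "host": "WS-013", "event_id": 7045, "user": "CORP\\svc-admin", "service_name": "Spooler"},
    {"time": "2024-01-15T10:03:10", "host": "FS-02", "event_id": 7045, "user": "CORP\\svc-admin", "service_name": "PSEXESVC"},
    {"time": "2024-01-15T10:04:00", "host": "WS-020", "event_id": 7045, "user": "CORP\\helpdesk", "service_name": "PSEXESVC"},
    {"time": "2024-01-15T14:30:00", "host": "WS-021", "event_id": 7045, "user": "CORP\\helpdesk", "service_name": "PSEXESVC"},
]

if __name__ == "__main__":
    for user, hosts in find_fanout(SAMPLE).items():
        print(f"ALERT {user}: remote execution on {len(hosts)} hosts: {hosts}")
```

Matching on the default PSEXESVC service name misses renamed services, so a rule like this belongs alongside patching and credential hygiene rather than in place of them.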
Rather than encrypting the files on a computer and leaving the operating system intact, Petya encrypts the master boot record of affected machines, rendering them unusable. In some cases, investigators said, even paying the ransom to the cyber criminals does not allow victims to recover files from compromised machines. For this reason, officials urge those affected not to make ransom payments in this or any ransomware attack.
Facing the Realities
Brad Taylor, Proficio CEO, said the recent ransomware attacks force companies and organizations to face the fact that they are under the constant threat of attack from anonymous cyber criminals.
“Attacks like Petya and WannaCry are making organizations face the realities of today’s cyber threat landscape,” Taylor said. “Hackers are constantly seeking and exploiting vulnerabilities across all enterprise resources; your people, processes and technology are all targets to advanced cyber criminals.”
Employing monitoring and alerting as part of a fully managed security operations center as a service to detect and respond quickly to an emerging threat like GoldenEye is the key to preventing widespread damage, Taylor continued.
“Accurate monitoring can allow your organization to proactively identify the early stages of an attack and more efficiently halt suspicious or high risk behavior,” Taylor said. “Most breaches only take 30 minutes to compromise an entire system, so while prevention is paramount, attackers will continue to find the cracks and stopping attacks earlier in the ‘kill chain’ can minimize the impact of a hack once a network is infected.”
Tips for Avoiding Ransomware
John Humphreys, Proficio Senior VP of Business Development and Alliances, said organizations must use a multi-pronged approach to stay secure in today’s fast-changing cybersecurity space. The latest ransomware attack proves that “not everyone learned the lesson from WannaCry,” Humphreys said.
“First, patch vulnerabilities,” Humphreys said. “Second, monitor for indicators of attack or compromise and rapidly respond. Third, protect your endpoints with next-generation security that can identify ransomware and stop it. Lastly, back up.”