The headline-grabbing nature of WannaCry put just about every IT and security team in reaction mode. Just one month after the WannaCry outbreak, many companies find themselves reverting to reaction mode as the next batch of ransomware spreads across the globe—this time a variant from the Petya family.
In a matter of hours, the new Petya ransomware spread across 65 countries. While WannaCry and Petya aren’t the first versions of ransomware, they are a new breed, one that uses powerful exploits to propagate rapidly within an organization and on to new ones. At Roebuck Technologies, we strive to stay abreast of each new ransomware outbreak and how it can affect our clients’ businesses. Don’t know what Petya is or how your business can stay protected? Here is your guide.
What is Petya?
Petya ransomware is part of a new wave of ransomware attacks that has hit computer servers all across Europe, particularly in Ukraine and Russia. It is hijacking computer data, infecting and encrypting all the user’s files and displaying messages demanding a Bitcoin ransom worth $300. With most ransomware strains, victims who do not have recent backups of their files are faced with a decision to either pay the ransom or permanently lose their files.
This new strain has worked its way around the world at alarming speed. The ransomware spread using a vulnerability in Microsoft Windows that the software giant patched in March 2017—the same bug that was exploited by WannaCry. Microsoft released a patch for the vulnerability targeted by the EternalBlue exploit, but many businesses put off installing the fix. Many of those that procrastinated were hit with the WannaCry ransomware attacks in May, and may still be vulnerable. The first to be hit were government and financial institutions in Ukraine, and the outbreak then metastasized to about 2,000 computer systems around the world.
How to Protect Against Petya
Luckily, there are various safeguards we can take to protect our clients from Petya.
Patch, Patch, Patch
The best way to protect against these attacks is to stay as up to date as possible with patches and educate all users. Petya, like WannaCry and so many other attacks, relies on unpatched systems to gain a foothold and propagate into new systems. However, Petya went one step further by having the ability to propagate to fully patched systems once it got into your environment. This means that a single, low-value system missing a patch can serve as an entry point and allow the ransomware to infect fully patched, higher-value systems. In the end, patching is only as good as your weakest link—meaning companies need to be more vigilant than ever when patching their systems.
Realize the Difference Between Owning Security Tools and Using Them
The reality of both Petya and WannaCry is that even if you weren’t patching, basic security tools that most organizations own—such as antivirus and other endpoint protection tools—would have prevented any damage from these attacks. So how did so many organizations get impacted? The answer is simple: they, like many organizations, lacked adequate management of their security tools.
Investing in security tools is a great step towards securing yourself, but realize that installing these tools without any ongoing management is like owning a car you never fill up with gas. It might look good in your driveway but it isn’t able to do what it was designed to do.
Understand the Limitations of Basic Protection Tools
These attacks are a scary reminder of the changing threat landscape—one that is especially impacting small- and medium-sized businesses (SMBs). SMBs used to be able to safely assume that the advanced attacks would be focused on large corporations and governments because there wasn’t enough to gain using these mechanisms against them. However, with these recent attacks we all need to realize how that reality has shifted.
These attacks focus on a volume-based mentality: getting small amounts from lots of people, versus large amounts from a single company. They use very powerful exploits, created by government intelligence agencies, to mount broad-based, unfocused attacks that are just as likely to cripple a mom-and-pop shop as a multinational bank.
While antivirus and firewalls are incredibly effective in reducing risk, many companies need to think about increasing the security solutions they have in place. Roebuck Technologies can put technologies in place to detect and respond to threats and breaches when they do penetrate a company’s defenses but before they have a chance to do harm. Additionally, companies must implement a proper, reliable backup and disaster recovery (BDR) solution such as the one Roebuck offers, with online and offline backup solutions as the ultimate failsafe against successful attacks.
Bottom Line
This Petya ransomware outbreak is yet another reminder that the threat landscape is continually evolving and growing more sophisticated. While there are many unknowns, there are some basic steps you can take to reduce the risk of cyber attacks.
Here at Roebuck Technologies, we continue to work with our partners and the overall industry to protect our own environment as well as the environments we manage. We’re happy to say that with our tools and processes, none of our clients were impacted by WannaCry or Petya. Moreover, we will continue to be vigilant in our efforts to keep our clients protected against the next possible threat.
