Latest update: It is now being reported that the virus may not be spread by email and the data suggests that Petya was deployed onto possibly millions of computers by hacking popular Ukrainian Accounting software “MeDoc” then using the automatic update feature to download the malware onto all computers using the software. All though MeDoc being the initial infection vector is unconfirmed this is the current development on the virus.
We are once again being reminded of the risks and impact technology has on our lives, with another major cyber ransomware attack now sweeping the globe and wreaking havoc.
Coming just months after the Wannacry attack that saw much of the NHS taken offline, the full scope of this latest outbreak has yet to be fully reaslised. Analysis has shown that this new outbreak, originally thought to be a replication of a previously seen Petya virus, is in fact a new ransomware and leading security, Kaspersky has named it NotPetya.
How it Works
Once a device is infected, it will spread itself (not unlike a biological virus) to all other connected devices. It is for this reason that any machine suspected of being infected, should be immediately be removed from the network and powered down.
It is our understanding, although built to exploit the same vulnerabilities as the previous Wannacry virus, (Thanks the NSA for leaking the tools) this new attack has a smarter and more sinister properties.
Once a device is infected, the virus embeds itself and attacks the Windows operating system. This causes the computer to crash and reboot displaying a Checkdsk message. (if you see this power off your machine and seek help)
At this stage, the virus goes much deeper than Wannacry and encrypts more files to a much stronger level than the previous attack.Your computer will then deliver a ransom message, demanding payment in Bitcoins to unlock your data. Be wary, from early reports It is also looking like the perpetrators of this new outbreak, are unwilling or unlikely to unencrypt your data even if you pay the ransom.
Who has been affected?
Although the source of the virus is not yet known this has already had a significant impact across the globe.
The list of organisations affected continues to emerge with the Chernobyl nuclear plant now manually monitoring radiation levels as servers were affected. Media and marketing giant WPP and subsidiaries were unable to work from around midday yesterday and companies as far as Australia are reporting issues.
In addition, ports, airports, medical facilities and government departments have been impacted, with the worst of the attack currently affecting the Ukraine, which reports many chains of petrol stations suspending operations and the metro systems unable to take card payments.
Who is at risk?
Like the Wannacry virus, it is looking like this only exploits Windows operating systems and those who do not update or install patches are at a much greater risk.Many of those being affected are industrial firms who are often very slow to update system or apply Windows updates, sometimes due to the operational requirements.
What can you do to prevent infection?
Whilst Cybersecurity companies and hackers play a game of cat a mouse to outwit each other there are a number of steps you can take to minimise your risks.
1 – Ensure you have a robust and reputable Cyber Security Software installed.
2 – Back up your data and files, preferably to two sources (hard drive and Cloud)
3 – Keep your device updated with latest security patches and system update
4 – Only have you machine sync to online software when required closing off any gateways to infection.
5 – If possible login and use your device with a guest account or with limited privileges rather than an administrator, this locks down access to certain system files used for infection.
6 – Remove plugins that may be unused or of no use – If needed your browser will prompt reactivation when needed.
7 – Adjust your browser security and privacy settings for added protection.
Once again, we find ourselves facing a new breed of criminal and social terrorism and one that is likely to steadily increase. These types of attacks can be profitable with reports of one South Korean company paying a million dollars to unlock files held to ransom. With success like that, the aspiring Underworld, will continue to invent or reinvent new ways to exploit us.
We must be vigilant and the time has come to finally take our cyber security seriously, something that has been shrugged off by many businesses for the previous few years.
If you would like to review or understand how you can improve your security call one of our specialist on 0114 361 0062.