All you need to know about Petya Ransomware Attacks
Whether it was Captain John Miller in Saving Private Ryan or William Wallace in Braveheart, whenever these characters went to war they were careful to choose the right weapons to take with them. Similarly, whenever a security analyst encounters a cyber-attack, they look for the right ammunition to fend it off and safeguard the organization.
Seven weeks after the Wannacry attacks, an evolved version of the Petya family of malware shook up the cyber security landscape when the attackers launched a cyber war. This new strain of ransomware caused serious disruptions in critical services across Europe, including Ukraine’s government facilities, electric grids, banks and public transportation. According to various industry reports, the malware is spreading to other countries, including the US, Spain, Denmark, the Netherlands and India. The previous cyber war the industry fought was the Wannacry attack of May 2017, which affected 150 countries and more than 230,000 systems globally.
If we trace back the path of these high-profile ransomware attacks, we can see that both were inspired by the release of the ‘Eternal Blue’ exploit by the hacker group ‘Shadow Brokers’ in January 2017. Eternal Blue was possibly developed and used by the US National Security Agency (NSA) and exploits the Microsoft vulnerability CVE-2017-0144. According to cyber security experts, Petya differs from regular ransomware: it is an attack on Windows systems that encrypts the low-level structure of the Master File Table (MFT) and consequently makes the Master Boot Record (MBR) unreadable, so the computer can no longer boot normally. A ransom message is then displayed demanding 300 USD in bitcoin for the decryption key.
All these attacks are a recurring reminder that organizations need the right ammunition for this war: detecting software vulnerabilities, prioritizing them and running regular patch management to safeguard their crown jewels.
With the new age of disruptive technology advancements, the threat landscape has changed drastically. These advancements have introduced new and improved attack models, including ransomware threats, botnets, advanced persistent threats and DDoS attacks, making it challenging for organizations to maintain an efficient security posture. Lack of an integrated defense strategy and security posture will have a huge impact on organizational reputation and customer trust.
How to maintain a ‘defense in depth’ strategy at a time of increasing ransomware incidents
As we have experienced, ransomware attacks have become increasingly common in the last few years, and their targets are mostly businesses and individuals, law enforcement and government agencies, emergency services, health care agencies, educational institutions and financial institutions. In the Wannacry and Petya attacks we have seen a sophisticated network worm used to exploit system vulnerabilities. The nature of this new generation of malware has made security a board room discussion. These two incidents alone highlight the significance of having an efficient and timely patch management program in place within any organization; the lack of timely patching even after the Wannacry attacks left many organizations victims of Petya. The time has come for every organization to review its overall security posture. Every organization must have an effective data classification strategy that segregates data by confidentiality and sensitivity, with appropriate access controls in place. A proper backup routine, with backup data stored outside the organizational network, along with frequent review of software patches, anti-virus updates and the like, has become mandatory. Organizations must prioritize patching and updates on time so that malicious users cannot exploit system vulnerabilities to wage an attack. Employee awareness of safe browsing etiquette while logged into organizational networks is also crucial. Additionally, organizations should communicate internally with employees and partners about the company’s security posture.
According to the latest prediction reports from various analysts, ransomware will remain a very significant threat until the second half of 2017. The industry has been busy in the first half fighting the war against ransomware-as-a-service, custom ransomware for sale in underground markets, and creative derivatives of open-source ransomware code. Because ransomware is not specific to one industry or sector, the security industry has been forced to take decisive action against the bad guys.
On one side, the depth and breadth of the new technologies offer increased business efficiency along with a wider range of new opportunities. On the flip side, the pitfalls of the digital world are paving the way for dreadful experiences like the Wannacry and Petya attacks for organizations as well as individuals. Maintaining a defense in depth strategy with integrated cyber risk protection, cyber analytics and sharing of cyber threat intelligence are some of the ammunition security analysts are looking for to fight and win the war against cyber-attacks. Are you prepared for this?
Read the latest whitepaper – Every CISO’S Guide to Cyber Risk Protection – 2017 Edition
Haren is a former Happiest Mind and this content was created and published during his tenure.