Warning: Just Another Multinational Cybersecurity Attack

June 29th, 2017 by admin

A month and a half ago, WannaCry Ransomware spread across more than 100 countries, causing global distress. Now, just 47 days later, we are already facing another multinational attack. Cyberattacks are growing in both number and power. It’s more important than ever for businesses to be proactive when it comes to their cybersecurity.

Meet the new Petya/NotPetya/ExPetr/Petna cyberattack. (It has a lot of names.) According to USA Today, the malware has already spread to 65 countries including Ukraine, Russia, Brazil, and the US. The attack began in Ukraine on Tuesday and hit hard, attacking over 12,500 machines. A ransomware message appeared on infected devices informing users that their information had been locked. The message demanded $300 in bitcoin to be paid as ransom for their data.

The payment method was connected to an email address hosted by Posteo that has since been shut down, preventing the hackers from collecting their money. This also prevents users from being able to pay and recover their data, although some researchers are claiming that the code used in the Petya/NotPetya attack never had the ability to restore the data anyway and was only designed to cause damage and delete files.

The malware was originally thought to be a “new version of an older threat called Petya,” but it was soon proved to be something different that had only borrowed some of its code from the previously known Petya malware. Kaspersky Lab then dubbed the attack NotPetya, and from there stems the confusing stream of Petya/NotPetya names.

According to Symantec Security, the NotPetya malware is using the same EternalBlue exploit that WannaCry Ransomware used a month ago. (Microsoft released a patch for this weakness back in March.) Although a killswitch for the attack still has not been found, a vaccine has been discovered. Bleeping Computer reported that the malware would search for a certain file called “perfc” and would stop its encryption if that file already existed.
For more information on this vaccine, including how to create it, check out their website here.

Equinox Response

We aggressively monitor patching for all of our clients to provide the best security. These patches prevent ransomware like WannaCry and NotPetya from slipping through the cracks in your network. Our teams heard about the NotPetya attack shortly after it began and continued to follow news updates to ensure that all of our clients were safe. Just to be on the proactive side, we have also created the vaccine perfc file for all of our 1-LINK clients.

We believe that the best security strategy is to be proactive. It’s easier to prevent a security problem than to clean up after one. The following security measures can’t afford to be overlooked anymore:
  • Make sure your patching is consistently up to date
  • Have a business-grade firewall and anti-virus in place
  • Have a thoroughly tested backup and disaster recovery plan 
