In late June another ransomware virus, named Petya, similar to the recent WannaCry attack, spread across the globe, affecting many countries, notably Ukraine and such neighbours or near-neighbours as Poland and Serbia.
The UK’s official National Cyber Security Centre (NCSC) has online guidance on how to prevent a ransomware incident, and what to do if your organisation is infected.
The shipping firm Maersk, for example, reported that it was hit across sites and business units. It had shut down a number of systems and contained the issue and was ‘working on a technical recovery plan with key IT partners and global cyber security agencies’.
Dan Panesar, VP EMEA at Certes Networks, an encryption product firm, said: “As with the recent WannaCry hack, the truly concerning element of the latest cyber-attack, which has taken down the IT systems of companies across the globe, is its sheer scale.”
Graham Rymer, Research Associate at the University of Cambridge and one of the founders of the Cambridge2Cambridge cyber competition, said: “Unfortunately, these types of ransomware attacks are inevitable. Businesses and organisations should always have a plan in place in how to respond to these attacks quickly and efficiently to contain the situation. Firms need to take actions such as quickly switching all drives in the system to ‘read-only’ following the attack, which essentially prevented the malware from doing real damage.
“Signature-based malware detection is only effective against known malware. The attacker will always win on the first roll of the dice. But once more information about the ransomware is known and has been shared with cyber security experts and companies, they should be able to build a patch which defends against this specific attack.”
Ross Brewer, vice president and managing director of EMEA at LogRhythm said: “With WannaCry still so fresh in our minds, this follow-up attack proves just how real this is all becoming – and the worst is probably yet to come. These public outings of large, high-profile attacks are becoming more frequent, faster-acting and more damaging. Essentially, every organisation, regardless of size or industry, is vulnerable. As security vendors, we are often criticised for fear mongering and exaggerating the possible consequences of a cyberattack – but I think we can agree that recent events are starting to show that the warnings were warranted. These attacks, which are targeting our top businesses, banks, healthcare institutions and other critical national infrastructure, are revealing the chaos that ensues when organisations lose control of their data – is it now time for governments to start treating such sophisticated cybercriminals as terrorists?
“Organisations absolutely must accept the fact that determined hackers will eventually get into their networks – there are no two ways about it. As such, we need to stop focusing solely on defence and protection – and put more effort into monitoring, detection and response. As with WannaCry, this should be a clear and early warning to other organisations to start upping the protection and getting in order now, as this attack is once again escalating extremely quickly – and preparedness will be key. Unfortunately, events such as this are becoming the ‘new normal’, and as incoming legislation such as GDPR [the EU-wide general data protection regulation, also due in the UK, by May 2018] moves even closer, the stakes have never been higher and the need for intelligent security solutions that provide deep, consistent network visibility has never been clearer.”
At cyber insurance provider CFC Underwriting, Graeme Newman, Chief Innovation Officer, described such ransomware as the tactic of choice for cyber criminals. The cost of the ransom can actually be minimal compared to the cost of the ‘clean up’ operation, and business interruption, he added. He said: “We had an early warning shot last month as WannaCry spread like wildfire globally. However, in actual terms, it inflicted relatively little damage. Petya, however, seems to be different. This new breed of ransomware looks much more dangerous, already causing chaos for businesses around the world and early indications suggest that this could cost organisations ten times more than WannaCry.”
Itsik Mantin, director of security research at Imperva, said: “These increased attacks point to the need for solutions like artificial intelligence and machine learning. Often the output of today’s cyber security products is overwhelming amounts of data and alerts for the security team to sift through and act upon. These solutions are programmed to learn as much as they can about any given situation. Theoretically, a properly programmed piece of AI software could perform the same preventative and analytical security measures as a member of the IT staff in a fraction of the time.
“Machine learning technology is already employed in the detection of malicious mail messages and malware, two of the main infection vectors of ransomware. However, it is a race in which the attacker is often one step ahead of IT. IT needs to win all the battles in order to win the war against the attackers who only need a single successful attempt at access to win.”