Cyber Hostage-Taking: Petya Holds Physical Infrastructure for Ransom


Eversheds Sutherland (US) LLP

On June 27, 2017, hackers struck vulnerable businesses around the world with a new version of the “Petya” ransomware. This major cyberattack has disrupted utilities, shipping companies, law firms and other businesses across the US, Russia, Europe and the Asia Pacific region. It continues to spread without regard to geographic or industry boundaries, and it has already impacted systems that control physical infrastructure like electrical grids and maritime ports, with the potential to cause far-ranging ripple effects to other essential services and the global supply chain.

This latest attack shows that cybersecurity threats are not limited to traditional consumer or financial “data rich” targets like banks, hospitals or insurance companies. Hackers are increasingly willing to target any company from which they can steal valuable trade secrets, cause disruption (if not destruction) or extract ransom. The companies themselves may not even be the direct target but rather a springboard to others or a move in a longer-term strategy, with the real end target being customers or vendors or serving a political agenda.

To address this growing threat, all industries and all companies need to undertake a risk analysis. They need to anticipate what is over the horizon, use informed judgment to mitigate the risks, and put procedures in place to help remediate them if—and even when—a crisis occurs. This risk analysis should take into consideration both direct attacks and the impacts of attacks on third parties and the infrastructure they rely upon.

Another point is the importance of updating software regularly. The new version of the Petya ransomware used in this round of cyberattacks incorporates the same “ETERNALBLUE” exploit used in the recent WannaCry ransomware attack that impacted hundreds of thousands of computers across at least 150 countries. Computers infected by the new Petya virus are rendered unusable. Upon booting, users are greeted by a screen demanding a $300 ransom payment in Bitcoin in exchange for access and control of their encrypted computer files.

Microsoft issued a patch for one point of vulnerability on March 14, 2017 (eight weeks before the WannaCry attack took place); however, additional points of entry have been detected since the attack came to light. Once more patches are available, all industries and companies would be wise to install them quickly. While there is no 100% solution against a determined and savvy attacker, the greater a company’s defenses are, the better off a company will be.

As a third point, it is important to realize that hackers may use ransomware attacks as a smokescreen to divert attention away from more sophisticated, simultaneous attacks, and other attackers may seize upon the opportunity that the distraction affords.

Ultimately, businesses can better protect themselves from these types of attacks by adopting a proactive, holistic approach to cybersecurity readiness. Doing so can help companies:

  • Anticipate where and when attacks are more likely to occur;
  • Make value-added cyber investment decisions based on the business’s particular risk profile; and
  • Improve resiliency to be able to recover quickly after breaches or disruptions occur.

This most recent attack also underscores the importance of detecting and understanding vulnerabilities, installing verified and legitimate critical updates as soon as they become available, and conducting training to increase employee awareness of cybersecurity risks. While an organization cannot be expected to eradicate all vulnerabilities in its system, having a plan in place can significantly reduce an organization’s cybersecurity risk.
