Don’t become a ransomware victim


Businesses must start getting the basics right to avoid becoming a ransomware victim, say IT security figures after Petya, the latest global ransomware cyberattack, which followed the WannaCry attack in May.

Mike Simmonds, managing director, Axial Systems, a network services company, said: “This time once again many industries across multiple different countries were adversely affected, and temporarily crippled by the indiscriminate nature of the attack. It’s another painful reminder not only that security should be high up the list of priorities for all organisations but also that following frequently advised, but often ignored best practices is imperative at all times.

“These are not especially sophisticated attacks but what they do bring into sharp focus is the need for organisations to ensure – as an absolute priority – that they are adopting best practice approaches at all times. Many businesses simply are not doing this as a matter of course and that’s why consequently these attacks have the potential to be so damaging.

“This kind of ransomware is not especially new. It is exploiting known vulnerabilities. So, our advice to organisations above all else is to get the basics right: make sure you are keeping patches up to date, update your anti-virus software, limit network access and limit user privileges. It might seem like common sense but if you do all that, you’ll have a much better chance to avoid becoming a victim of the next attack.”

And Nicola Whiting, Chief Operating Officer of Titania, a British cyber security company, said: “Ransomware attacks typically use a scatter-gun approach and given the scale of distribution, the Petya ransomware is unlikely to be a targeted attack. When criminals push out ransomware, they’re rolling dice on a massive scale and seeing how lucky they get. Whilst big corporations and international firms have been ‘targeted’, the real goal may actually have been SMEs – the organisations with less security and IT resources to defend themselves.

“Given the similarity to WannaCry and the simplicity in stopping the malware from running – creating a file named perfc, with no extension name and placing it in the C:\windows\ folder – it looks more like an opportunistic attack. Crime is a business, and like most businesses you want to leverage previously created assets. Rehashing the WannaCry ransomware, followed by mass distribution for multiple payouts makes sound business sense.”


As for who might have been responsible, and their motivation, Malcolm Harkins, chief security and trust officer at Cylance said it was hard to say, but one could speculate it was someone “testing” for something larger. “It could also be someone wanting to bring attention to how vulnerable the world has become and demonstrate the lack of adequate security in organizations and the failed security solutions they have deployed. It could be organised crime who is monetising this in a different way than by using Bitcoin. It could be a variety of nation state actors trying to demonstrate to others they could cause harm if they wanted. Or it could be someone who is just wanting to create a little havoc for the world and they have the means to do it because the barrier to entry to unleash something like this is so low.”