The still-active NotPetya ransomware attack has a déjà vu feel about it – like a Hollywood sequel that is far from original, but one that everyone rushes to see anyway.
Like the original WannaCry attack, NotPetya (or GoldenEye) has spread quickly and internationally, and has left rich corporations with one very weak way to respond: turn everything off.
Indeed, as Paul Mills, group sales director at Six Degrees Group, suggested, “The pattern emerging from these recent attacks is the speed at which they spread and the extreme vulnerability of IT systems on an international scale. But the idea that large multinational businesses are limited to turning off their computers as their immediate defensive measure is simply not credible for organisations with the resources to protect themselves far more effectively. It only underlines the point that the only suitable defence is improved, proactive protection, and organisations are going to have to raise their game to give security the emphasis it needs.”
But this time round, there are some major plot twists. Instead of attacking individual files, the attack targeted entire hard drives for potentially greater disruption. It also seems that the kill switch, which brought WannaCry to a rapid standstill, has – as predicted – been removed by the attackers. Additionally, it seems that the perpetrators were just out to cause chaos instead of making money.
Gary Watson, founder and VP of Technical Engagement at Nexsan, noted the extremity of the threats now facing business: “This latest cyber attack comes hot on the heels of the WannaCry ransomware attack which was dubbed one of the largest hacks to date with over 150 countries affected. Currently airlines, industrial businesses and banks across Europe are unable to access data yet the extent of this attack is still unclear. Organisations cannot just rely on patching up security pitfalls and this attack forces us to re-evaluate our IT strategies.
“A full comprehensive IT and DR plan needs to be put in place to prevent attacks from causing any amount of downtime. In this case, organisations will either be required to pay the ransom or continue business operations without the use of computers – this is a dilemma no organisation wants to face. It is imperative for businesses to take measures to arm themselves with a second line of defence that protects data from corruption and deletion, minimising the impact of these malicious cyber attacks.”
It remains to be seen how bad the situation gets, but Nigel Tozer, solutions marketing director at Commvault, said that “The only reliable defence against the recent Petya ransomware attacks is backup. Clearly the malicious forces behind this and other recent attacks continue to be one step ahead of threat detection software, so if your systems and data are held to ransom the only true means of recovery is to be able to revert back to data from the last backup before the infection.”
“When files are encrypted and corrupted by a ransomware attack, cloud sync and share tools aren’t something you can rely on either, because the sync facility means cloud files are as infected as their originals. The other issue is that these cloud services, especially free or those targeted at consumers, typically don’t cover all of your data and may not always have retention policies that pre-date the attack. The best option, to insure against data-mincing malware, is an in-house centrally managed backup solution. Whilst reverting to the backup prior to the infection might mean losing a limited amount of data, it is nominal compared to the impact of losing all your data permanently.”
Jake Madders, director at Hyve Managed Hosting, concludes that businesses need to take “more proactive action to protect themselves – three strategic steps will make a huge difference: They need better user education to improve the human factor in their security strategy, they need a better level of technology protection to prevent vulnerabilities from being exploited and they need a much more effective way to recover and restore their systems. The hardest part is getting this all pulled together, but in a world where more companies are outsourcing IT, an MSP can fill these gaps.”