In the last few weeks, computer networks around the world have been invaded by three destructive “ransomware” attacks: WannaCry, Petya, and NotPetya. All three share common base components, but they work differently and want different things from the networks they infect.
Once ransomware infects a system, there is very little that the system operator can do. The best approach is prevention: employing a cybersecurity expert to make ransomware as difficult as possible to distribute in the network.
First off, a couple of definitions to help guide you along. “Ransomware” is a particularly malicious computer virus that holds a system “hostage” by encrypting the system’s data, and then demanding a ransom, usually in the cryptocurrency Bitcoin, for a key to unlock the data.
Ransomware can be downloaded onto a system in a number of ways, but it usually arrives through what is called “phishing”, in which an employee opens a suspicious email that contains a link to the virus that infects the system.
Some of the code that went into these three viruses was originally developed by the US National Security Agency (NSA) to attack foreign power grids, so these attacks are very powerful and have a nasty intent. The recent documentary “Zero Days” looks at some of this, and if you would like to be very scared of these things, watch that doc: http://www.zerodaysfilm.com.
The first of these worldwide attacks, in May 2017, was called WannaCry. It was primarily downloaded to Windows computers that had not been updated (yes, that’s a warning). WannaCry affected over 200,000 computers in 150 countries, but was stopped by one person who looked at the code and found its “off” switch.
In late June, the Petya malware attacked around the world (although earlier variants had been in the wild since at least 2016). This major Petya attack (also called GoldenEye) also concentrated on Windows computers, and hit thousands of targets, even shutting down shipping giant Maersk. Petya works by blocking access to the entire system, unlike previous ransomware, which encrypted only a select set of files. It also ran multiple infection options, rather than just riding on the NSA computer worm. For several technical reasons, this virus remains a problem.
NotPetya, which attacked in early July, pretends to be ransomware, but experts have found that it is a virus intended to just disrupt systems and cause as much chaos and pain as possible. Hackers think this is funny. You probably won’t, if it happens to you.
BTW, don’t feel safe if your system is not Windows-based. Any system running any operating system can be attacked from anywhere: an email clicked on from a secretary’s Windows computer can download that virus onto the rest of the system, no matter what the OS is.
Do not wait until it’s too late. The only advice after an attack is “don’t pay,” and then begin trying to reconstruct your system.
There are ways to prevent ransomware attacks, and Kimmell Cybersecurity knows them all. Give us a call, and we’ll check out your system and make you as safe as possible in a very dangerous world.