Just weeks after the WannaCry virus affected hundreds of thousands of computers in 150 countries worldwide, the threat landscape grew even more frightening. On Tuesday, June 27, 2017, Petya was unleashed. While this Trojan CryptoLocker resembled a traditional ransomware virus in many ways, including its demand for $300 worth of Bitcoin for files to be released, it soon became apparent that Petya was “worse than ransomware.”
The Petya attack was initially targeted at computers in Ukraine, which likely suffered the worst impact. Countless individuals were affected as the Ukrainian central bank, utilities and the airport were forced offline. The impact was global, and FedEx is one of many well-known corporations that have suffered significant financial losses due to the event.
Unlike true ransomware, Petya is not designed for a computer’s files to be decrypted and released after the ransom is paid. Instead, this “wiper virus” destroys data assets permanently. While your current risk of suffering from Petya is likely low, per Symantec analysts, this virus is a sobering reminder that today’s threats aren’t getting any easier to fight. Here are five ways to prepare your business for the state of information security in 2017.
1. Wiper Viruses Have Serious Impact
While wiper viruses, or viruses designed to permanently remove a user’s access to data, aren’t new, Petya is perhaps the most impactful example to date. Researchers at Kaspersky were unable to successfully decrypt data, even after tens of thousands of dollars in Bitcoin were paid according to instructions.
Paying ransoms to cybercriminals remains highly controversial, and the U.S. FBI does not currently advise organizations in decision-making. However, the lasting financial impact of Petya is a clear lesson that ransoms don’t always guarantee you’ll regain access to data.
2. Data Mapping Is Critical
It’s impossible to protect data that you’re not fully aware of. Accurate, comprehensive data mapping, when coupled with secure off-site backups, can mitigate the risks associated with data loss. Creating a complete picture of your sensitive data’s formats and locations is not only an important tool for backup and risk planning; it may also be legally required for your organization as a compliance measure.
3. Network Segmentation Isn’t Optional
In the cases of both WannaCry and Petya, infection spread rapidly through organizations’ networks as the viruses worked to disable security tools. Network segmentation, the act of having multiple networks within your organization’s tech ecosystem, isn’t guaranteed protection against total infection, but it may reduce the rate at which viruses like Petya can spread.
4. Patching Still Matters (Really)
In one of the more sobering realizations post-Petya, it became apparent that the virus was not dependent on a software vulnerability to unleash damage. While this fact is an important motivator toward comprehensive information security, it doesn’t diminish the importance of applying regular updates to software and systems. According to one Information Security pro, patching should be as “common as locking your doors” to mitigate risks of other widespread viruses.
5. Adopt Stronger Password Management Practices
Stolen and brute-forced credentials are a factor in countless information security incidents worldwide. While viruses like Petya are a sobering reminder that hackers are innovating quickly, 85 percent of incidents in the previous year fit just one of 10 patterns. Supporting positive password hygiene with two-factor authentication, user education and password management tools is too important to ignore.
Conclusion: Comprehensive Information Security Is Your Best Bet Against Petya
While it remains unclear whether Petya was a politically motivated attack, this wiper virus is a strong message to global information security pros that a comprehensive approach to risk prevention matters. Best practices such as data mapping, patching, smarter password management and network segmentation can play a crucial role in your fight against the cybersecurity threats of today and tomorrow.
Sources:
http://www.businessinsider.com/petya-petrwrap-cyberattack-companies-government-agencies-affected-2017-6/#ukraine-banks-airports-government-offices-power-grid-1
https://www.theverge.com/2017/6/28/15887496/petya-virus-not-actually-ransomware-analysis-shows
https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html
http://www.washingtontimes.com/news/2017/jul/19/fedex-warns-material-losses-cause-petya-computer-v/
https://www.symantec.com/security_response/writeup.jsp?docid=2016-032913-4222-99
http://thehackernews.com/2017/06/petya-ransomware-wiper-malware.html
https://www.fbi.gov/news/stories/incidents-of-ransomware-on-the-rise
http://searchsecurity.techtarget.com/feature/How-to-keep-track-of-sensitive-data-with-a-data-flow-map
http://www.computerweekly.com/news/450421669/Key-lessons-from-Petya-ransomware-attack
https://www.arbornetworks.com/blog/asert/patching-not-enough-stop-petya/
https://www.cimcor.com/blog/myth-busted-10-security-myths-the-2016-verizon-dbir-just-crushed
http://www.healthcareitnews.com/news/era-petya-wannacry-good-news-users-are-getting-better-about-passwords