McAfee’s chief technology officer has said that Petya is a natural evolution of the WannaCry ransomware attack – and that worse is to come from the ever-changing threat.
“We believe that these events are part of the natural evolution of ransomware technology, but also a test-run for a much bigger and bolder attack in the future,” Grobman said.
“Ransomware initially targeted individuals through phishing or other infection techniques that required user interaction. While profitable to the cybercriminals, campaigns took time to reach scale. WannaCry took ransomware to the next level by introducing worm-based compromise of machines.”
A worm is a type of malware in which an infected computer attempts to find and infect other computers that have a known vulnerability.
As machines become infected, they become part of the worm and work to infect additional machines.
WannaCry took advantage of a vulnerability in Microsoft Windows, using an exploit to spread as a worm, and then encrypted files and demanded a ransom from its victims.
“The unique element of Petya is that it builds on the worm-based technique that WannaCry established and added a new element that allows non-vulnerable machines to become infected as well,” Grobman added. “It does this by also stealing credentials from machines that it infects, which allows the stolen credentials to be used to infect fully patched machines. This hybrid approach drastically amplifies the impact and scale of the attack.”
Grobman believes that a coherent backup strategy is needed to survive the next wave of cyber-threats. “To prepare for the next generation of ransomware attacks, it is imperative that organisations patch all systems aggressively against known vulnerabilities, establish a secure architecture that utilises advanced cybersecurity defence technologies and execute a comprehensive data back-up plan for their organization.”