News, Security

Mimecast: Organisations should accept and prepare for Petya

Mimecast's chief security strategist Steven Malone
Mimecast’s chief security strategist Steven Malone

Email security specialist Mimecast’s director of security product management Steven Malone, has said that organisations need to be prepared for the reality that they may be hit by the Petya cyber-attack that has swept Ukraine and countries across Europe.

The attack initially hit a series of large Ukrainian companies, including government departments, the central bank, a state-run aircraft manufacturer, Kiev’s airport and its metro network.

“The rapid pace of this new Petya ransomware attack points at another worm that can spread from computer to computer by itself.

“Many commentators think WannaCry came from hackers in Russia, perhaps as an experiment that escaped early. Therefore it’s not too surprising that Ukraine’s critical national infrastructure has been crippled, while other firms in Europe may have been hit in the crossfire.

“A cyber resilience strategy that acknowledges that attacks are likely to continue and will sometimes be successful is required.”

Email has traditionally been the primary attack route for ransomware. Attackers often send Microsoft Office documents with malicious macros that download and install malware. This includes Word, Excel, PowerPoint and also PDFs.

Clever social engineering tricks employees into enabling the macros and delivering the ransomware payload.

“This new outbreak once again highlights the disruptive power of ransomware like never before,” Malone added. “By simply by encrypting and blocking access to files, critical national services and valuable business data can be damaged.

“Preventive measures alone can’t keep up with the fast-evolving nature of ransomware attacks and as this attack highlights, there are many ways for an infection to enter an organisation.

“Backup and recovery measures only work after an attack, and cost organisations in downtime and IT resources dealing with the attack and aftermath. You must be able to continue to operate during the infection period and recover quickly once the infection has been removed.”

Previous ArticleNext Article

Leave a Reply

GET TAHAWUL TECH IN YOUR INBOX

The free newsletter covering the top industry headlines

Send this to a friend