Majid Khan, MSS architect and CSOC manager at security consultant and solutions provider Help AG, believes resellers and systems integrators can play a critical role in aiding organisations that are impacted by the Petya cyber-attack.
While the attack was first reported in Ukraine, Petya ransomware has further expanded to the US and Europe, where its victims have been made powerless to unlock their computers even if they pay the ransom, says Khan.
“It has caused serious disruption at large firms in countries such as Ukraine, Russia and France.”
The massive ransomware outbreak was reportedly caused by a malicious software update for M.E.Doc, a popular accounting software package used by Ukrainian firms.
According to Khan, Petya was first reported in March 2016 and Tuesday’s outbreak is an improved version, also referred to as ‘NotPetya’ or ‘GoldenEye’.
“It is a nasty piece of ransomware and works a bit differently from any other ransomware or malware because it does not encrypt files on a targeted system one by one. Instead, it reboots victims’ computers and encrypts the hard drive’s Master File Table (MFT) and renders the Master Boot Record (MBR) inoperable, restricting access to the full system by seizing information about file names, sizes, and location on the physical disk,” he says. “Petya ransomware replaces the computer’s MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.”
Khan says resellers and systems integrators can help in two ways: strengthening their customers’ security posture and helping mitigate the impact.
“Fortifying their customers’ security posture to prevent such attacks in the first place is a vital step.”
According to Khan, this involves not only the implementation of end-to-end security solutions, but also the identification of vulnerabilities, the development and implementation of policies and frameworks, and addressing the human behaviour element through employee awareness initiatives.
“The second action is to see what can be done after an attack,” he says.
However, in the case of ransomware, unfortunately, there is little that can be done once a system has been infected.
“The use of strong encryption as we have seen with WannaCry and now Petya makes this virtually impossible. Instead, through services such as Managed Security Services, which delivers 24×7 Security monitoring, resellers like ourselves are able to identify an attack at the early stages and prevent its spread. This limits the impact and helps keep business on track.”