
Petya ransomware: Can we be safe?

The latest ransomware attack, an offshoot of Petya dubbed “NotPetya” and “GoldenEye” by security researchers, is wreaking havoc across the globe, crippling computers in its wake. Though the Middle East has not reported any infections yet, we reached out to some global and regional industry experts to find out how safe we are from this latest outbreak.

 

The impact on the Middle East will be known by tomorrow as the region is just returning from a long holiday. However, the impact might not be as high as everyone has been alerted and companies are advising their users to be extremely vigilant and look out for emails from unknown senders or any other suspicious online activity. If you have been infected by the ransomware and your device has been rebooted and is showing the ransomware message there is not much that can be done at the moment. There might be a decryptor in a few days or weeks. We highly advise against paying the ransom as it only encourages and finances future attacks. However, if you have not been infected yet, a vaccination method for Petya has been issued which can help the spread within the networks. And obviously, the best prevention is consistent cybersecurity assessment, testing and training is the only solution to mitigate future attacks – Amir A. Kolahzadeh, CEO, ITSEC

 

Like WannaCry, Petya is targeting a vulnerability in older Windows systems called EternalBlue. One of the best things you can do to protect yourself from these attacks is to download the patches Microsoft provides during updates. Microsoft released a patch to protect against the vulnerability on its Windows XP system in March. Earlier this month, it issued more patches for older Windows operating systems, citing the “elevated risk for cyber-attacks.” Also, you have to note that yesterday’s attacks are all professionally orchestrated and no single solution can help you stop or block; you need to have full visibility of the entire life-cycle of the attack with the right solutions in place or you will NEVER be considered secure – Jude Pereira, MD, Nangjel Solutions

What we are seeing now are two additional exploits being added to the family of ransomware threats. With WannaCry, we saw ransomware designers for the first time combine ransomware with a worm to speed its delivery and expand the scale and scope of the attack. And now, with Petya, we see the addition of targeting the Master Boot Record to up the ante on the consequences of failing to pay the demanded ransom, from simply losing personal files, which may have been backed up, to potentially losing the entire device – Kalle Bjorn, Director of Systems Engineering, Fortinet

 

This latest wave of what looks to be ransomware is just another example of the real-world threats encountered by organisations, governments and countries all over the world. These attacks are upping the ante, as they hit services that affect people’s day-to-day activity, such as healthcare, postal services, and transport services. While the reported ransom demands of $300 to release the encrypted data seem low, this will scale up very quickly. The more concerning issue is how national infrastructure is being impacted. There is no easy solution to eradicate ransomware, but when the dust settles, the source of the compromises needs to be determined and remediated – Taj El Khayat, Director for the Gulf, Levant & North Africa Region at F5 Networks

 

The cyber-attack appeared to target Ukraine’s power grid, banks and government entities. This is also a high threat to the UAE and any country in the ME as any loss in data and revenue including the disruptions in services, which have been experienced by the other countries, will be felt the same in the region. However, the impact could be much more as the biggest producers of oil are based in this region – Irene Corpuz, Planning & Security Section Head, Abu Dhabi Govt entity

 

Clearly the malicious forces behind this and other recent attacks continue to be one step ahead of threat detection software, so if your systems and data are held to ransom the only true means of recovery is to be able to revert back to data from the last backup before the infection. When files are encrypted and corrupted by a ransomware attack, cloud sync and share tools aren’t something you can rely on either, because the sync facility means cloud files are as infected as their originals. The other issue is that these cloud services, especially free or those targeted at consumers, typically don’t cover all of your data and may not always have retention policies that pre-date the attack. The best option, to insure against data-mincing malware, is an in-house centrally managed backup solution – Nigel Tozer, Solutions Marketing Director, Commvault

 

 

Consider blocking the Microsoft PsExec tool from running on users’ computers. You can block it using a product such as Sophos Endpoint Protection. A version of this tool is used as part of another technique used by the Petya variant to spread automatically. Back up regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands – Harish Chib, Vice President Middle East & Africa, Sophos

 

Machines using the Windows operating system are most commonly targeted by ransomware, simply due to the fact they have the biggest market share in the world. This doesn’t mean that there is no ransomware for iOS or Android. Here are a couple of simple steps everyone could take to prevent attacks: don’t use pirated software, always update your system and security programmes, and never open or download files you are not 100% sure about – Piotr Majchrzak, CEO of XSolve

 

 

So far, Petya is primarily impacting organisations in Europe, but it is possible that we will see some infections in the Middle East. Symantec recommends that the victims do not pay the ransom as it’s unlikely you’ll ever get the key to decrypt your files. It is also worth noting that the email address given by the attacker has been suspended, therefore it is unlikely that a decryption key would be distributed even if a user paid the ransom – Candid Wueest, Threat Researcher at Symantec

 

The Petya attack looks more like a disruption rather than ransom. Those businesses which failed to update the patches and had not taken preventive measures might be more prone to the latest malware. I suggest creating a culture of cyber security and this must be every employee’s responsibility – Mohammad Shahzad, CIO, RDK Group
