What Can We Learn From The Latest Cyber Attacks

Last week the Petya ransomware attack took pretty much everyone by surprise. Landing just a month after the WannaCry outbreak Petya used the same exploit to infect Windows based systems. It seemed like a familiar story. But there are some major and rather worrying differences to previous attacks.

Petya was discovered in March 2016, with a further variant discovered in May of the same year. The latest attack struck on the 27th June 2017 with what initially appeared to be another new variant of the Petya Virus. Infections were reported in France, Germany, Italy, and Poland as well as in the UK. However, the virus primarily targeted Ukrainian infrastructure, including an electricity supplier, the central bank, state telecoms and an airport. Analysis shows that the virus mainly stayed in the Ukraine.

Following some further analysis, Kaspersky Lab dubbed this new variant as ‘NotPetya’ as it had major differences to previous variants. The main difference with this attack is that despite initial appearances this was not ransomware. The virus informed users that they could unlock their machines by paying a $300 ransom. However after expert analysis of the virus it became clear that the creators had no intention of restoring machines, in fact they couldn’t restore files. This virus was designed to wipe computers outright. This is the worst-case scenario for those attacked as there is no way of getting files back, even if the ransom is paid.

Once it had been established that the virus was a ‘wiper’ this started a lot of speculation as to who was behind the attack and why it was ‘disguised’ as ransomware. One possible reason to make the virus appear to be ransomware is to control the media narrative and disguise the perpetrators. Ransomware is usually instigated by cyber criminals for the purpose of profit generation. This is certainly the way that this attack was initially reported. However, there is evidence that this could have been a state instigated attack. Certainly the Ukraine Government believe that this was a deliberate act of ‘cyber war’ by Russia. Indeed, there are now calls for NATO to get involved. Russia has denied all involvement and denied carrying out any cyber-attacks on the Ukraine.

The Effects on Business

This is a (potentially) an act of war; an attack by one state aimed at crippling key economic and strategic targets of another so what has this all got to do with small business?

If you have been waiting to receive a parcel from TNT then this latest attack is already having an impact on your business as the multi-million-pound firm was put completely out of action by NotPetya – even the conveyor belts stopped. We’ve already experience increased costs and inconvenience with having to use alternative means to get goods delivered to customers.

This attack has caused serious disruption at large firms in Europe and the US, including the advertising firm WPP, French construction materials company Saint-Gobain and Russian steel and oil firms Evraz and Rosneft. The food company Mondelez, legal firm DLA Piper, Danish shipping and transport firm AP Moller-Maersk and Heritage Valley Health System, which runs hospitals and care facilities in the US, also said their systems had been hit by the malware.

When we talk about security some small businesses still ask the question ‘why would cyber criminals target us?’ Some do, there is no doubt about that, however as this case clearly shows you do not need to be targeted. As with any attack, a cyber-attack means collateral damage, so you can get infected even if you’re NOT targeted. These attacks are indiscriminate and are designed purely to cause disruption.

There is no way to get your files back via making a payment, if infected your files WILL be wiped.

So, what can you do?

At the risk of repetition here is are the very basics you need to be doing on your computers both at home and work.

Keep your operating system and ALL your other software up-to-date. And reboot your machine when prompted to do so, updates are not installed until the machine has been restarted.

Keep your anti-virus up to date and run regular scans.

Use secure passwords, change them regularly and don’t use the same password for multiple sites and/or applications.

Think before you click. Do not open email attachments from individuals or companies you don’t know, or click on links in unsolicited emails.

Back up your files regularly. And check that the back-ups work.

If, despite all the recent publicity, you STILL don’t think that cyber security is a serious business issue we’ll throw some stats at you from May 2017:

The number of web attacks was 1,266,000 PER DAY, the highest web attack activity since November 2015.

The number of new malware variants was 76.7 million

Email malware rates are 1 per 422 emails

Every business needs to take cyber security seriously, ransomware is only one threat. If you are unsure about your current cyber security arrangements we will provide a free, no obligation security assessment for your small business. Call us today on 01509 7980 704 or email info@your-itdepartment.co.uk