Don’t become a ransomware victim

by Mark Rowe

Businesses must start getting the basics right to avoid becoming a ransomware victim, say IT security figures after the latest global ransomware cyberattack, Petya, which followed the WannaCry attack in May.

For a legal alert from law firm Eversheds, which called on all companies to undertake a risk analysis, visit the Eversheds website.

Law firm DLA Piper was among those affected by the malware; see their website.

Mike Simmonds, managing director, Axial Systems, a network services company, said: “This time once again many industries across multiple different countries were adversely affected, and temporarily crippled by the indiscriminate nature of the attack. It’s another painful reminder not only that security should be high up the list of priorities for all organisations but also that following frequently advised, but often ignored best practices is imperative at all times.

“These are not especially sophisticated attacks but what they do bring into sharp focus is the need for organisations to ensure – as an absolute priority – that they are adopting best practice approaches at all times. Many businesses simply are not doing this as a matter of course and that’s why consequently these attacks have the potential to be so damaging.

“This kind of ransomware is not especially new. It is exploiting known vulnerabilities. So, our advice to organisations above all else is to get the basics right: make sure you are keeping patches up to date, update your anti-virus software, limit network access and limit user privileges. It might seem like common sense but if you do all that, you’ll have a much better chance to avoid becoming a victim of the next attack.”

And Nicola Whiting, Chief Operating Officer of Titania, a British cyber security company, said: “Ransomware attacks typically use a scatter-gun approach and given the scale of distribution, the Petya ransomware is unlikely to be a targeted attack. When criminals push out ransomware, they’re rolling dice on a massive scale and seeing how lucky they get. Whilst big corporations and international firms have been ‘targeted’, the real goal may actually have been SMEs – the organisations with less security and IT resources to defend themselves.

“Given the similarity to WannaCry and the simplicity in stopping the malware from running – creating a file named perfc, with no extension name, and placing it in the C:\windows folder – it looks more like an opportunistic attack. Crime is a business, and like most businesses you want to leverage previously created assets. Rehashing the WannaCry ransomware, followed by mass distribution for multiple pay outs makes sound business sense.”

For earlier coverage of the ransomware attack that hit Ukraine and elsewhere, visit https://professionalsecurity.co.uk/news/interviews/another-ransomware-attack/.

As for who might have been responsible, and their motivation, Malcolm Harkins, chief security and trust officer at Cylance, said it was hard to say, but one could speculate it was someone “testing” for something larger. “It could also be someone wanting to bring attention to how vulnerable the world has become and demonstrate the lack of adequate security in organizations and the failed security solutions they have deployed. It could be organised crime who is monetising this in a different way than by using Bitcoin. It could be a variety of nation state actors trying to demonstrate to others they could cause harm if they wanted. Or it could be someone who is just wanting to create a little havoc for the world and they have the means to do it because the barrier to entry to unleash something like this is so low.”

There is no 100-percent foolproof strategy for blocking cyberattacks, short of swearing off computers, email and the Internet, said Randy Gross, CIO of CompTIA, a US-based non-profit association for the IT industry. “But there are steps that can and should be taken to heighten defenses, starting with making sure that all systems are up to date.”

Robert Rohrman, CompTIA’s senior director of information services infrastructure, suggested installing vendor patches in a timely manner and having an update plan in place for all client machines. Far too many computers still run outdated operating systems like Windows XP and Server 2003 and simply do not have the proper security protocols in place to prevent ransomware attacks, he said. Even devices with newer operating systems can be vulnerable if security patches and software updates are delayed or ignored.

Rohrman said: “A globally managed update system for clients and server/hosted resources is the best way to gain visualisation into an enterprise.” He suggested IT managers have a system in place that provides a global view of the in-house systems and IT security situation so patches and fixes can be installed on multiple computers from one console.

But patching isn’t the only action against ransomware. Regular backup of data, stored off the primary computer, is another task. James Stanger, CompTIA’s senior director for product development, said: “You can depend on your own backup more than a vendor patch because you have control over the backup. Vendors can’t always get you the latest patch in time, which means that your systems could still be susceptible to zero-day attacks. Your system may have all of the updates the vendor has given, but an exploitable problem still exists.”

Stanger added that when you know your data is backed up, you’re less likely to feel pressured to pay a ransom because you already have what the cybercriminal is holding hostage. Finally, it’s critical for everyone – from the receptionist at the front desk to the IT technician in the back office, and from the CEO to the account manager on the road – to learn and use good cybersecurity hygiene. Anyone who touches a PC, laptop, smartphone or tablet is a potential target of ransomware or other cyber threats, but threats can be lessened and security awareness heightened through regular education and training.

Seth Robinson, senior director, technology analysis, CompTIA, said: “Companies consistently report that human error is the primary cause of security breaches. People don’t know, or are ignoring some of the basic security practices. The encouraging news is that we’re seeing a growing realisation among companies that their workforce needs to be educated about technology in general, and about security, specifically.”

© 2024 Professional Security Magazine. All rights reserved.