Many SME owners fall into the trap of believing they are not a focus for ransomware and other cyber attacks because of their small size. However, it is this exact mentality that often makes SMEs the primary target of fraudsters.
Just a month after the WannaCry attack left businesses and government organisations around the world, including the UK health service, in chaos, a new ransomware called Petya has been detected, which could prove as devastating as its predecessor, or even more so – particularly since Australia escaped largely unscathed from the WannaCry attack.
“The rapid pace of this new Petya ransomware attack points at another worm that can spread from computer to computer by itself,” explains Steve Malone of Mimecast.
“This new outbreak once again highlights the disruptive power of ransomware like never before. Simply by encrypting and blocking access to files, critical national services and valuable business data can be damaged.”
How to protect your business
“Unlike WannaCry which encrypts a computer’s files, however, the Petya ransomware encrypts a segment of the hard drive that renders the entire computer inoperable. Older legacy systems and critical infrastructure are particularly vulnerable to this attack,” Fortinet said in a statement issued in response to the new attack.
“The patch for this vulnerability was issued by Microsoft earlier this year. We advise organisations to update their systems immediately.”
IBM Security has the following advice for protecting your business from Petya and other cyber threats:
- Ensure systems are patched (MS17-010) and all antivirus programs are up-to-date.
- Determine if backup systems are effectively configured.
- Restore only from secure backups with known safe snapshots or re-image systems completely.
- Isolate any unpatched systems to prevent lateral movement of Petya.
- Verify effective monitoring of all critical systems and networks.
- Create or maintain regular reviews of privileged credential protection to prevent further access via legitimate tools across a network.
- Review incident response and contingency plans.
What to do if you fall victim to ransomware
According to Mr Malone, businesses caught by the attack should never “succumb to the pressure to pay the ransom to regain access to their applications and data”.
“There is no guarantee this will unlock files and further motivates and finances attackers to expand their ransomware campaigns,” he explains.
What you should do, if you find your network or devices are infected, is the same as the guidance issued following the WannaCry attack.
Why vigilance is the best protection
“The recent attacks associated with WannaCry and Petya have reinforced the lack of accountability and focus on basic IT and security fundamentals. Core IT operational competencies, such as patch management, backups, disaster recovery and incident response, are not well implemented or maintained,” says Ross Brewer, vice president and managing director of international markets at LogRhythm.
“These are absolutely essential in protecting your company from damaging cyber threats and without them you are left in a perpetually vulnerable state, a sitting duck for these types of attacks, merely hoping that you aren’t compromised.”
According to Mr Brewer, such attacks are only going to continue in the future, and more businesses will fall victim due to lax oversight of their digital security parameters.
“Unfortunately, events like the Petya incident today and what occurred previously with WannaCry have been and will continue to be the normal state of things,” he says.
“A determined hacker only has to be right once. The odds are heavily in their favour with compromise likely, if not inevitable. As such, we need to stop focusing solely on defence and protection, and put more effort into monitoring, detection and response as true compensating controls to the mess that is IT today.”