New Ransomware Warning For Tuesday, June 27, 2017
A new ransomware outbreak is shutting down major computer networks across Europe, Ukraine and Russia on Tuesday. The impact in the U.S. hasn’t been fully determined yet but it appears that the malware started in Europe and may still be spreading to American companies.
The attack causes computers to stop working by encrypting data stored on the computer and then locking the computer hard drive. It then displays a ransom note demanding $300 payable in Bitcoins. This exploit has been able to evade some of the best security systems in the industry so no one should consider themselves immune. The widespread attack affected global and national organizations including the Ukrainian National Bank, British advertising firm WPP and logistics company Maersk.
A variant of the Petya ransomware, which has been around for more than a year, is being blamed for Tuesday’s global attack. Petya is a vicious form of the virus that locks a computer’s hard drive as well as individual files stored on it. It is harder to recover information from computers affected by this ransomware. It can also be used to steal sensitive information.
However, security experts at Kaspersky Lab released a conflicting report that said the ransomware was not related to Petya but was in fact a new program, which it called NotPetya.
It’s too early to definitively attribute a proper name to the culprit but the damage it is inflicting is causing major problems around the world.
How does this differ from the WannaCry outbreak of a few weeks ago?
Initial reports indicate that the program may have spread in a similar way to the WannaCry attack that hit hundreds of thousands of computers, including those of the NHS, earlier this year. Like WannaCry, Petya could have used EternalBlue, a tool created by the National Security Agency and leaked online by the Shadow Brokers that exploits a problem in Microsoft’s software.
For now, make sure all of your computers and servers are fully up to date with security patches and updates and ensure that your anti-virus gateways on your firewall. Also make sure that the local A/V programs on your computers are being updated in real time and that no signature file is over 1-2 hours old!
If you’re one of those unfortunate people who back up their computers to portable hard drives that are connected to your computer or network, disconnect them immediately just in case the malware has the ability to encrypt your backup data too. Backup devices should NEVER remain connected to your computer or network. A copy should always be kept in encrypted format off-premises.
If you need help improving your backup system, give ACT a call at (847) 639-7000. We’ll be happy to guide you to a more secure data protection process.