Another Week, Another Ransomware Attack — Here’s How to Avoid It and Keep Your Data Safe
Last week, less than a month after the WannaCry ransomware attack infected more than 250,000 computers in 150 countries, security experts announced new revelations about another attack that originated in Ukraine and spread to Russia, Poland, Italy, Germany, France, Spain, and the United States, along with almost 60 other countries.
This attack began with a specific target: 12,500 computers running older versions of Microsoft Windows and software from MEDoc, a Ukraine-based accounting firm. Several private companies, including American pharmaceutical giant Merck, Danish shipping company AP Moller-Maersk, British advertising company WPP and TNT Express, a global subsidiary of FedEx, were then hit with a red-text message on a black screen: “Oops, your important files have been encrypted. If you see this text, your files are no longer accessible because they have been encrypted. You may be busy recovering your files, but don’t waste your time.”
However, what made this attack significantly different from previous attacks was the “time-wasting” part – within a few hours, the email address the hackers used to collect the bitcoin payment required as a ransom was shut down, eliminating their ability to communicate with victims and restore access to encrypted data. As many bewildered security experts speculated, the hackers failed spectacularly if they launched their attack to make money.
Instead, some theories suggest that the attack was disguised as ransomware but intended to permanently erase as much data as possible on as many hard drives as possible. Kaspersky Lab researchers speculated that it was a “wiper” attack that used the media hype surrounding ransomware as a ruse to gain attention. Still, this attention is needed to stem the tide of ransomware, one of the most proven cyberattack vehicles.
Ransomware relies on locking victims out of their own files until they pay a certain amount for a decryption key. Security researchers estimate that cybercriminals made more than $1 billion from ransomware attacks last year, with targets ranging from Fortune 500 companies to independent small businesses and even individuals. But the WannaCry attack and this latest one, which is alternately referred to as Petya, NotPetya, ExPetr, and GoldenEye, together raised just $100,000.
Both spread by combining traditional ransomware attacks with an operating system vulnerability that remains open unless Microsoft Windows software updates are installed. This allowed the attacks to escalate rapidly, taking advantage of individual unprotected computers and then infecting devices across any connected network. The global spread of WannaCry was hampered by a security researcher who registered a $10 domain name and immediately stopped the attack. Last week, a German email provider blocked the address associated with ransom payments, stopping the so-called Petya attack within a day.
Regardless of whether ransomware is designed to make money or just to wreak havoc, stopping it is the number one goal for businesses big and small. CMIT Solutions has extensive experience in protecting its customers from such incidents, and our 24/7 monitoring and maintenance solutions went into action last Tuesday to provide immediate protective measures for all customers at risk of infection. Here’s what we suggest to protect your business:
Ensure that all software patches and security updates are properly deployed.
WannaCry and Petya both exploited a publicly known vulnerability in older versions of Microsoft Windows. Any company with a trusted IT partner would have deployed this patch earlier this spring. Additional precautions were also taken after WannaCry. But in Petya’s case, even a single vulnerable system could have taken down all the protected systems connected to the same network, which is why comprehensive security is so important.
Although the two most recent global ransomware attacks were not distributed via the standard phishing email method, one misguided click on an illicit link or malicious file is enough to compromise an entire organization’s computers. Training your employees to quickly identify and avoid suspicious emails is a foundation of online security.
Always back up your data.
Creating regular, redundant, and remote backups of your critical business data is one of the most important security measures you can take to ensure continued success. While there are free solutions on the open market that claim to back up your entire computer, the surest way to survive ransomware attacks, virus infections, or data breaches is to have reliable data backups performed regularly by a trusted IT provider, so that your business does not go out of commission. Also make sure your backup retrieval procedures are well reviewed and regularly tested – if your data is lost in a cyber attack or natural disaster, you want to be able to recover it quickly.
At CMIT Solutions, we go the extra mile to protect our customers’ data, devices and digital identities. As ransomware evolves and hackers develop new tricks to bypass standard antivirus and firewalls, our 800 employees across North America work day and night to provide new defenses and new strategies for IT success. If you want a trusted partner to take care of your technology, contact CMIT Solutions today.