Ransomware Attacks

NotPetya / GoldenEye Ransomware Attack

Just a month after the WannaCry ransomware attacks devastated the UK, a new cyber-attack has struck a large number of countries across Europe and Asia, infecting hundreds of thousands of computers with ransomware that encrypts their data and demands a payment of $300 in bitcoins.

Where did the attack start?

The attack is believed to have started in Ukraine, and was initially believed to be a variant of the Petya virus, although e-threat analysts now suggest it could actually be a piece of malware known as GoldenEye. Although the full extent of the attacks is not yet known, it is already believed to be the largest ever to hit Ukraine, with Ukraine’s Central Bank being the first to report an attack, followed by some of Ukraine’s largest state power distribution plants and airports.

How many countries have been infected so far?

While it is not yet clear if these incidents were the result of a simultaneous attack, it is believed that the NotPetya / GoldenEye ransomware has infected over a dozen countries across the globe, including Ukraine, Spain, India, Russia, the Netherlands, Italy, Poland, Germany, France, Lithuania, Israel, the U.S. and the U.K.

Understanding the full extent of the NotPetya / GoldenEye attack

While the NotPetya / GoldenEye attack certainly shares a number of similarities with the recent WannaCry ransomware attack, the attack of Tuesday 27th June could potentially become more devastating: experts predict another attack could be imminent, and this variant of the ransomware does not appear to have a kill switch like WannaCry did.

This means that there is no easy fix for those affected, and it could result in significant pay-outs for many businesses and government facilities across the globe, including the British advertising company WPP.

How does the virus spread?

The devastating fact for most businesses and countries impacted is that the ransomware is able to penetrate and infect their infrastructure, spreading throughout their computer network by exploiting the same MS17-010 vulnerability for which Microsoft had previously released a patch. This means that the majority of businesses impacted would have been safe from the attack if they had just updated their computer systems and been running sufficient anti-virus software.

While the British National Cyber Security Centre is “monitoring the situation closely”, the advice from officials and cyber-protection experts remains to not pay the ransom, as there is no guarantee that your files will be recovered and your systems may remain corrupted.

Tips for protecting your business

As with the recent WannaCry attack, the best way to protect your business is to ensure that all your computer systems are completely up-to-date, and have the latest operating system installed and managed by a skilled IT manager. You should also ensure that each computer has sufficient anti-virus software, and train your staff on the best practices for avoiding suspicious links or emails. This helps to ensure your employees understand the appropriate course of action to take if they detect a cyber-attack attempt or if their computer becomes infected.

Implementing these policies in a corporate environment can be difficult and time-consuming, so the best option is to consult with a cyber-security specialist such as help4IT, who can offer a security consultation, highlighting areas for improvement and suggesting the best approach to take to ensure compliance and protection.

help4IT also offer a complete, managed Security & Disaster Recovery service for those who are looking for an all-encompassing security package backed up by a team of cyber-security professionals and our friendly support team. This allows you complete peace-of-mind when it comes to protecting your business, allowing you time to focus on what matters.