Ransomware-as-a-service has been identified as the next great cyber threat, and the stats indicate we’re already living the nightmare. Forbes reports that the growth is enormous, with “attacks [multiplying] 167 times over, from 4 million in 2015 to 638 million in 2016.”
Dubbed GoldenEye by many, the latest strain of the Petya malware may be the most dangerous yet. GoldenEye has two layers of encryption, one for files and one for the hard drive itself. As these new threats spread across networks, even users who have acted responsibly could be affected, for example if a colleague or anyone else on the same network has downloaded an unsafe attachment or clicked on the wrong link.
What Do I Need to Know About This Strain of Petya?
This type of ransomware builds on leaked NSA data on the EternalBlue exploit, published by the hacker group Shadow Brokers, which likewise allowed the malware to spread across networks. Cybercriminals have jumped at the chance to compromise whole organizations at one time, rather than relying on each individual user.
Once the files have been encrypted, your computer is forced to restart, and your files are held to ransom until a bitcoin payment has been made, typically around $300. Mark Mager, security researcher at Endgame, adds that GoldenEye “also deletes the computer’s event logs to cover its tracks and hide from analysts”, making it far harder to find those responsible or to stop the malware in its tracks. Even if you were to pay the ransom, the likelihood that your files would be restored is slim, with less than half of victims ever recovering their data in full, even with backups in place.
The sheer scope of the initial infection is also unprecedented, with experts suggesting that the malware entered millions of computers at one time by compromising the popular Ukrainian accounting software MeDoc and infecting its latest update for all users.
The targets now include more than 80 companies throughout Europe and the US. This includes several pieces of Ukrainian infrastructure, such as the Ukrainian National Bank and the Chernobyl Radiation Measurement Systems, forcing staff to monitor radiation levels manually.
Protecting Your Corporate Customer by Preventing the Next Attack
While this strain of attack does not move beyond the local network, ensuring it will not spread as widely as an incident like WannaCry for example, the trends are becoming disturbingly clear. Criminals are focusing their efforts on targeting businesses rather than individuals, which poses a threat not just to big business, but to customers and subscribers, too.
Criminals are also offering opportunities to buy and sell ransomware, even to those who are unable to develop their own. Steadier volumes of attacks may suggest a criminal infrastructure in which this type of malware is sold as a tool: a ready-to-go solution.
As of 2016, just 4% of US organizations said that they were confident in their security preventing a cyber attack. Your customers expect a clean network, and deserve maximum confidence in your ability to protect them. If an attack happens, they will ultimately place the blame at your door.
So what can service providers do? As well as ensuring that your company is installing all Windows critical updates, find a web security solution which protects against both malware and ransomware. If you have mobile employees, you can deploy additional protection with local endpoint security. You might also benefit from a network-based security solution, or Application Privilege Control, which includes additional features. Using this, you can block access to specific files, including Perfc.dat and the PsExec utility, both associated with this ransomware attack.
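Blocking Perfc.dat and PsExec is the preventive side; the detection side is to watch for the same traces, together with the event-log clearing described above, in the logs you already collect. The script below is an added example, not code from the original post or from any product it mentions: it runs a few simple rules over constructed, pipe-separated records modelled on Windows events (System 7045 for a service install naming PSEXESVC, Sysmon event 11 for a file created under C:\Windows\perfc.dat, Security 1102 and System 104 for cleared logs). The record format, the sample lines and the rule names are all constructed for the example; the event IDs are the standard Windows ones.

```python
"""Triage of constructed Windows-event-style records for traces the page associates with
this Petya/GoldenEye strain: a PsExec-style service install, a perfc.dat drop, and event
log clearing. Added example; the log format and sample lines are constructed."""
import re
from dataclasses import dataclass

# Constructed sample: one record per line as timestamp|source log|event id|message.
SAMPLE_LOG = """\
2017-06-27T10:01:05Z|System|7045|A service was installed in the system. Service Name: PSEXESVC Service File Name: %SystemRoot%\\PSEXESVC.exe
2017-06-27T10:01:07Z|Sysmon|11|File created: TargetFilename: C:\\Windows\\perfc.dat Image: C:\\Windows\\System32\\rundll32.exe
2017-06-27T10:02:40Z|Security|1102|The audit log was cleared. Subject: Account Name: admin
2017-06-27T10:02:41Z|System|104|The System log file was cleared.
2017-06-27T10:03:00Z|System|7045|A service was installed in the system. Service Name: Spooler Service File Name: C:\\Windows\\System32\\spoolsv.exe
2017-06-27T10:04:00Z|Security|4624|An account was successfully logged on.
"""


@dataclass
class Finding:
    ts: str
    rule: str
    detail: str


# Each rule: (rule name, required source log or None, required event id or None,
#             regex that must match the message or None).
RULES = [
    ("event_log_cleared", "Security", 1102, None),   # 1102: security audit log cleared
    ("event_log_cleared", "System", 104, None),      # 104: a Windows event log was cleared
    ("psexec_service_installed", "System", 7045,     # 7045: new service; PSEXESVC is PsExec's
     re.compile(r"Service Name:\s*PSEXESVC\b", re.I)),
    ("perfc_dat_dropped", None, None,                # payload written to C:\Windows\perfc.dat
     re.compile(r"\\Windows\\perfc(\.dat)?\b", re.I)),
]


def parse_record(line):
    """Split one constructed record into (ts, source, event_id, message); None if malformed."""
    parts = line.split("|", 3)
    if len(parts) != 4:
        return None
    ts, source, event_id, message = parts
    if not event_id.isdigit():
        return None
    return ts, source, int(event_id), message


def scan(log_text):
    """Return a Finding for every record that matches a rule, in log order."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_record(line.strip())
        if rec is None:
            continue
        ts, source, event_id, message = rec
        for name, want_source, want_id, pattern in RULES:
            if want_source is not None and source != want_source:
                continue
            if want_id is not None and event_id != want_id:
                continue
            if pattern is not None and not pattern.search(message):
                continue
            findings.append(Finding(ts, name, message[:80]))
    return findings


def looks_like_goldeneye_chain(findings):
    """True when remote-execution tooling, the payload drop and log clearing all appear."""
    seen = {f.rule for f in findings}
    return {"psexec_service_installed", "perfc_dat_dropped", "event_log_cleared"} <= seen


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f"{h.ts} {h.rule:26} {h.detail}")
    print("chain matched:", looks_like_goldeneye_chain(hits))
```

Any one of these rules fires on legitimate activity from time to time (administrators do use PsExec and do clear logs), which is why `looks_like_goldeneye_chain` only raises the alarm when the service install, the file drop and the log clearing all appear together; in a real deployment the same rules would be fed from the Windows event log or a SIEM rather than from the constructed sample.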
As ransomware becomes more complex and wide-reaching, your security solutions should be doing the same, protecting your consumers without sacrificing performance and efficiency.