We have talked a lot about ransomware this year, and WannaCry was certainly the most notable recent attack. Ransomware is malicious code that takes your systems hostage until you pay the attacker whatever they demand; then, most people assume, you receive the decryption key and regain control. It is generally advised not to pay, because there is little guarantee the data will be released and paying funds the attackers to keep going. It is a mean trick, but there is a worse one: wiperware.
On June 27, 2017, the world got one of its most widely publicized looks at wiperware, in the form of a Petya variant now generally called NotPetya. It was initially reported as ransomware, but the ransom note turned out to be a cover story: the intent was bleaker than holding data hostage. The objective was to permanently wipe as many hard drives as possible on infected networks. The attack hit thousands of systems across the world, including multinational corporations such as Maersk, Rosneft and Merck.
How does it work?
The United States Computer Emergency Readiness Team (US-CERT) said the “Petya variant encrypts the victim’s files with a dynamically generated, 128-bit key and creates a unique ID of the victim. However, there is no evidence of a relationship between the encryption key and the victim’s ID, which means it may not be possible for the attacker to decrypt the victim’s files even if the ransom is paid.” In other words, the encryption is one-way in practice, which is what makes this a wiper rather than ransomware. The same alert notes that, once inside a network, the variant spread over SMB using the EternalBlue exploit (the vulnerability Microsoft patched as MS17-010 in March 2017) and by running PsExec and WMIC with credentials harvested on the infected host. That is why patching, least privilege and blocking workstation-to-workstation traffic feature so prominently in the list below.
How to prevent an attack:
- Scan all incoming and outgoing email for threats, and filter executable attachments so they never reach end users.
- Ensure anti-virus and anti-malware solutions are set to run regular scans automatically.
- Manage the use of privileged accounts and implement the principle of least privilege. No user should be given administrative access unless absolutely needed, and those who need an administrator account should use it only for tasks that require it and work from a standard account otherwise. Malware that harvests credentials from an infected machine can only reuse the privileges that were present on it.
- Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
- Disable macros in Microsoft Office files received by email. Consider opening such files with Office Viewer software instead of the full Office suite applications.
- Develop, institute, and practice employee education programs for identifying scams, malicious links, and attempted social engineering.
- Run regular penetration tests against the network, at least once a year and as often as is practical.
- Test your backups regularly so that you know they restore correctly when you need them; a backup that has never been restored is an assumption, not a control.
- Use host-based firewalls and block workstation-to-workstation communication. Worm-style malware depends on moving laterally between peers, and workstations rarely have a legitimate reason to accept SMB connections from one another.
- Ensure anti-virus software and its signatures are up to date.
- Implement a data backup and recovery plan that keeps copies of sensitive or proprietary data in a separate and secure location. Backup copies should not be readily reachable, and especially not writable, from the local network, so that malware running on a workstation cannot encrypt or wipe them along with everything else.
- Scrutinize links contained in emails, and do not open attachments included in unsolicited emails.
- Only download software—especially free software—from sites you know and trust.
- Enable automatic patching for your operating system and web browser. The SMB vulnerability this Petya variant exploited had been patched by Microsoft in March 2017, roughly three months before the outbreak.
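The SMB, host-firewall, Office-macro and administrator-account items above can be audited and enforced from PowerShell. The script below is an added example written for this page, not Great Lakes Computer's or US-CERT's own tooling. It assumes Windows 10 or Windows Server 2016 or later with PowerShell 5.1 run from an elevated prompt, Office 2016 or later (registry version key 16.0), and that 10.0.5.0/24 is a hypothetical management subnet that legitimately needs inbound SMB to workstations; those addresses and the rule names are assumptions, not settings from the article.

```powershell
#Requires -RunAsAdministrator
# Added example for this page (not the article's or US-CERT's code).
# Audits, and with -Enforce applies, the SMBv1, firewall, Office-macro and
# local-admin items from the prevention list. Run without switches to report only.
param(
    [string[]]$AllowedSmbSources = @('10.0.5.0/24'),  # hypothetical management subnet
    [switch]$Enforce
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. SMBv1 is the protocol EternalBlue targets; nothing modern needs it.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    $findings.Add('SMBv1 server is ENABLED')
    if ($Enforce) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # On Windows Server use: Remove-WindowsFeature FS-SMB1
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# 2. Host firewall: default-deny inbound, drop the built-in File and Printer
#    Sharing allow rules, then allow SMB only from the management subnet.
#    Windows evaluates block rules before allow rules, so default-deny plus a
#    scoped allow is the reliable way to express "only from these sources".
$weakProfiles = Get-NetFirewallProfile | Where-Object {
    "$($_.Enabled)" -ne 'True' -or "$($_.DefaultInboundAction)" -ne 'Block'
}
if ($weakProfiles) {
    $findings.Add('A firewall profile is disabled or does not default-deny inbound traffic')
    if ($Enforce) { Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block }
}
$allowRule = 'Allow inbound SMB from management subnet'   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $allowRule -ErrorAction SilentlyContinue)) {
    $findings.Add("Firewall rule '$allowRule' is missing; workstation-to-workstation SMB is not restricted")
    if ($Enforce) {
        # '@FirewallAPI.dll,-28502' is the locale-independent name of the
        # built-in 'File and Printer Sharing' rule group.
        Disable-NetFirewallRule -Group '@FirewallAPI.dll,-28502'
        New-NetFirewallRule -DisplayName $allowRule -Direction Inbound -Protocol TCP `
            -LocalPort 445,139 -RemoteAddress $AllowedSmbSources -Action Allow `
            -Profile Domain,Private | Out-Null
    }
}

# 3. Office macros: VBAWarnings 4 = "disable all without notification";
#    BlockContentExecutionFromInternet 1 blocks macros in files that carry the
#    mark-of-the-web (email attachments and downloads). This writes the
#    current user's policy key; for a fleet, set the same values via Group Policy.
foreach ($app in 'Word', 'Excel', 'PowerPoint') {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $cur = (Get-ItemProperty -Path $key -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
    if ($cur -ne 4) {
        $findings.Add("$app macro policy is '$cur' (want 4 = disable all without notification)")
        if ($Enforce) {
            New-Item -Path $key -Force | Out-Null
            Set-ItemProperty -Path $key -Name VBAWarnings -Value 4 -Type DWord
            Set-ItemProperty -Path $key -Name BlockContentExecutionFromInternet -Value 1 -Type DWord
        }
    }
}

# 4. Least privilege: anyone in local Administrators beyond the built-in
#    account and Domain Admins is a credential worth reviewing, because a
#    harvested admin token is what lets a worm reach every other machine.
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
$unexpected = $admins | Where-Object { $_ -notmatch '\\Administrator$' -and $_ -notmatch '\\Domain Admins$' }
foreach ($member in $unexpected) { $findings.Add("Unexpected local administrator: $member") }

# Report.
if ($findings.Count -eq 0) {
    "$env:COMPUTERNAME: no findings."
} else {
    $findings | ForEach-Object { "$env:COMPUTERNAME FINDING: $_" }
    if (-not $Enforce) { 'Re-run with -Enforce to apply the corrections.' }
}
```

The script deliberately reports before it changes anything, so it can be run across a fleet first to see how many machines still expose SMBv1 or carry unexpected local administrators. The firewall change is the one to test carefully: once the File and Printer Sharing group is disabled, only hosts in the allowed subnet can reach the machine's shares, which is the intended effect but will surprise anyone who was copying files between workstations.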
How Great Lakes Computer Corporation can help.
There is no guaranteed way to prevent data theft and malware. Attackers come up with new variants on old attacks every day. However, you can decrease the likelihood of a successful attack by making it harder to gain access to your data. The biggest weakness in your security will always be your staff. Read our article 8 Network Security Best Practices Your Staff Needs to Know for some helpful tips.
Great Lakes Computer offers a wide range of services that can help safeguard your data, from remote server monitoring to cloud computing to antivirus software to data backup and recovery. We have also partnered with proven providers of services such as digital forensics and cyber liability insurance to ensure our clients have all the tools they need to prevent, detect, remediate, and recover from attacks on their systems. We can help you build the strongest defense possible.