Ransomware now has to be the number one issue for governments and security experts put in charge of fighting cybercrime. In fact, it should be the top concern for anyone running a business or even anyone who owns a computer.
It has already been proven that last month’s WannaCry was not a one-off. As the ‘Petya’ ransomware sweeps around the world, infecting systems in Russia, Europe, the US (and everywhere in between), IT security experts are signalling the dawn of a new era.
Farsight Security CEO Dr. Paul Vixie said: “WannaCry recently and now Petya are not the end of an era, but rather the beginning of one. The Internet security and software industries cannot keep up with the complexity of our online systems, but the bad guys certainly can. We must all stop accepting promises of safety from our vendors and start listening to our I.T. departments and other white-hatted technical experts. They are telling us that everything is broken and we have to take that to heart. Patch every day. Back up every day.”
The world is facing its second major global ransomware attack in the last two months. Many public and private firms are just getting their systems up and running again after the WannaCry virus swept across the world, infecting some 230,000 systems in an estimated 150 countries. And now, a similar ransomware attack – known as ‘Petya’ – is spreading through large firms in the US and Europe after initially hitting companies in Russia and Ukraine.
The worrying thing is that the cybercriminals appear to be (at least) one step ahead of those in charge of curbing these attacks. Mark Skilton of the Warwick Business School believes that it is time to accept the state of play and focus on preventing the attacks in the first place, rather than searching for a cure when it is already too late. “Pandora is out of the box thanks to the ironic lack of security exercised by the NSA and other agencies in looking after their stockpile of cyber weapons,” he said. “Determined individuals will get access at some point and much more needs to be done by these agencies to keep access to their cyber weapons highly secure. There is a desperate need for better governance of these digital weapons as the consequences of them escaping are severe.”
He added: “Prevention is better than trying to find a complicated cure. As predicted, the WannaCry attack was the first of what could be many variants of exploiting the stolen cache of NSA cyber weapons now sold on the dark web. Microsoft says its latest patches will protect computers, but this again demonstrates the lack of widespread practice by companies and users to update their systems with key virus protections.”
The job at hand is in fact so difficult to manage that even security experts are at loggerheads over what exactly the virus is. While many are labeling – and reporting – it as the ‘Petya’ ransomware, others are not so convinced. Skilton said that initial assessments of the attack suggest that it is an offshoot of the ‘EternalBlue plus some additional methods, which is now spreading globally and this time it has no kill switch web address’.
Meanwhile, Vyacheslav Zakorzhevsky, head of the anti-malware team at Kaspersky Lab, said that the firm’s initial reports suggest that it is not a variant of the Petya ransomware at all. “Our preliminary findings suggest that it is not a variant of Petya ransomware as publicly reported, but a new ransomware that has not been seen before,” he said. “The company’s telemetrics data indicates around 2,000 attacked users so far. Organizations in Russia and the Ukraine are the most affected, and we have also registered hits in Poland, Italy, Germany and several other countries. The attack vector is not yet known.”
Finding out exactly what this latest attack is, and then stopping it, is the most immediate job at hand. Finding a long-term way to prevent ransomware attacks is the most important one. In the meantime, buckle up, as there are sure to be more ransomware attacks lurking ominously round the corner.