Latest Cyberattack Marks New Era of Hacking
By Jackson Lewis on Jun. 28, 2017
CHICAGO -- WannaCry, the worldwide ransomware attack launched in May, was resurrected Tuesday, June 27, as a similar virus dubbed Petya.
The spread of the updated virus could herald a new hacking status quo in which ransomware is more commonly leveled at entire networks instead of individuals, according to McAfee CEO Christopher Young on Bloomberg.
The attacks have spread from Europe to the United States and South America in less than 24 hours. Victims’ files are encrypted and held for ransom, the hallmark trait of ransomware, to the tune of $300 in bitcoin, a cryptocurrency. Ransomware is a form of malware, a computer virus that usually finds its way into a company’s network when an employee unknowingly clicks a link in an email message that allows the virus access, a practice referred to as phishing.
Where does it come from?
Bloomberg reported that the virus “uses an exploit called Eternal Blue to spread by taking advantage of vulnerabilities in Microsoft Corp.’s Windows operating system, similar to WannaCry. But many of those weaknesses have been patched for months—meaning that many computers already have protection against its key propagation mechanism.”
Eternal Blue is a digital weapon believed to have been developed by the U.S. National Security Agency that was leaked online by a hacker group called the Shadow Brokers, according to online-security news source Krebs on Security.
Krebs on Security also wrote that though Microsoft released a patch to defend against the Eternal Blue exploit in March, many businesses have not yet installed the patch, and it advises those who have not to do so immediately.
The attack appears to have started in Ukraine, and the BBC wrote that those with knowledge of the subject “are increasingly pointing to a piece of Ukrainian tax-filing software, MEDoc, as the source of the infection, although the company denies it.”
Can it be stopped?
There is no “kill switch” for this attack like there was for the WannaCry attack, at least not yet. Similar to WannaCry, this ransomware virus uses leaked U.S. government data and takes advantage of the increasing value of bitcoin and other cryptocurrencies.
The best strategy for companies right now, according to Young, the McAfee CEO, is to ensure that all security software is up to date and that employees and users are on alert.
“The number one thing they can do is make sure they’re patching the vulnerabilities that they’ve been alerted to in their environments,” said Young. “The second thing they need to be doing is making sure that they’re updating all of their cybersecurity defenses.
“So make sure they’ve got the latest versions of the cybersecurity software working. Make sure they’ve got adequate monitoring and alerting capabilities in their organization. Make sure they’ve got users on the alert for these kinds of attacks as well. Users can be a really good, important source of intelligence when these kinds of attacks happen.”
What should c-stores do?
Aside from ensuring that software is patched and lines of communication are open, it is important to educate employees on how to spot phishing attacks and to keep a clear company policy when it comes to using personal devices for work, as networks are often compromised by employees linking personal devices carrying a virus to the system at work.
Microsoft’s blog contains pertinent information about the origins of Petya and what infection looks like.
It does not appear that convenience stores are being targeted, but the virus does not seem to discriminate when it comes to victims. A large variety of organizations, from Ukraine’s central bank to Russia’s state-run oil company and Dutch logistics firm Maersk, have been infected.
If these company-wide ransomware attacks are becoming the new normal, as McAfee’s CEO suggests, then it is important that companies shore up their defenses and plan what to do in case of a cyberattack as soon as possible.