Arraya Insights | June 29, 2017
The dust hasn’t even settled on WannaCry and yet there’s already a new global ransomware epidemic making headlines. Just last week, Australian police discovered WannaCry, the malware strain that dominated tech coverage back in May, in some of their traffic cameras. This WannaCry aftershock was upstaged this week, however, by Petya (also known by several other aliases), the latest ransomware variant causing catastrophic damage to companies around the world.
Like WannaCry, Petya leverages malware allegedly developed by the NSA and released by the crime group known as the “Shadow Brokers.” Also like WannaCry, Petya is easily defended against, yet we continue to see these types of attacks succeed.
There were a couple of big names listed as victims of the latest attacks, most notably the shipping company Maersk. Maersk manages approximately 15% of worldwide container shipments, but as of Tuesday morning, just about its entire operation was completely disabled because the company’s computer systems were locked up by ransomware. According to Reuters, “The breakdown affected all business units at Maersk, including container shipping, port and tug boat operations, oil and gas production, drilling services, and oil tankers.”
Maersk wasn’t alone either. This attack spread to 65 countries and affected companies across all industries. The Russian oil company Rosneft, US-based pharmaceutical giant Merck, and assorted banks, government offices, power plants, law firms and manufacturers were negatively affected. While the ransom was generally cheap ($300), the cost of the malware’s rapid spread and its impact on infected systems was much higher. Additionally, the email account connected to the ransomware went offline during the height of the attack, leading many experts to speculate that the malware infection wasn’t designed necessarily to generate profits, but rather to inflict devastation upon the systems it compromised.
Another Attack that Could’ve Been Avoided
I continue to be amazed at how simple some of these large-scale attacks are to defend against. While this malware had a slightly different method for locking up systems and spreading, the infection method was exactly the same as WannaCry. Just like WannaCry, if all your systems are patched, you’re protected. It’s really that simple. I almost wish it was more complicated or sophisticated, but it’s really not. Microsoft told the world that this vulnerability was out there and pushed a patch. WannaCry showed the damage that could ensue if the door was left unlocked and many companies paid the price. But despite all of those warning signs, organizations continue to ignore the foundational security hygiene that would prevent these types of results.
There are a lot of great tools out there. I see new security solutions all the time around behavioral analytics, event correlation, real time alerting, machine learning and artificial intelligence. The tools can do a lot of cool stuff and have some really great capabilities, but in my opinion they are useless if you’re not taking care of the basic blocking and tackling – patching, network segmentation, multifactor authentication, training, etc. Those tasks aren’t sexy, but I bet the C-Suite for all of the companies impacted by Petya are now re-focusing their efforts on the basics. Unfortunately, it took an event of this scale to drive those initiatives.
Arraya Cyber Security Services
Arraya is positioned to help companies that want to put protections in place now and not wait for a catastrophe to occur. Our team is highly trained and can help organizations build customized solutions that align with business objectives. Our advisory services, architecture and tools, and managed services provide defense in depth capabilities to defend against these types of attacks.