Here’s some sound ransomware virus protection advice:
“The best way to protect yourself and your organization is to have a backup of your data, maintain it, and disconnect it from your computer.”
The sentiment in this quote, which appeared on the FBI website just 4 days ago, was echoed by security experts in light of a global ransomware virus attack that occurred today, primarily in Europe. Among those directly impacted were the Ukrainian power grid, banks and government offices, Russia’s Rosneft oil company, and Danish shipping giant A.P. Moller-Maersk. With critical infrastructure such as power and water resources under attack, it is hard to ignore the severity of this ransomware virus and the threat of cyberattacks in general. This incident serves as the latest evidence that the entire world should be preparing for the worst: servers, systems and data can be rendered inaccessible at any moment.
While the US was not as severely hit, several organizations, most notably a Pennsylvania-based healthcare organization (Heritage Valley Healthcare System) and pharmaceutical giant Merck, were impacted by this ransomware virus attack. According to a statement from the HITRUST organization (which provides the world’s most comprehensive security framework for the healthcare industry), this is a “serious incident.” This judgment is based on the fact that many healthcare firms have been impacted; there are reports that care delivery was impacted and that the ransomware virus was rapidly spreading to other systems and other countries.
Security companies agree that this ransomware virus strain, called Petya, uses the same exploit in Microsoft products as WannaCry. It locks computers and encrypts the files on them, preventing any user access. Instead of their normal access view, users are presented with the message, “If you see this text, then your files are no longer accessible, because they have been encrypted.” The ransom demanded to unencrypt the files is 300 bitcoin. Further, HITRUST confirmed that:
- This ransomware virus is using NSA’s EternalBlue code.
- This ransomware worm variant does not seem to have a “KillSwitch” like WannaCry v2.0.
- Organizations that have implemented the HITRUST CSF (Common Security Framework) controls (inclusive of Evolve IP as part of our HIPAA compliance and HITRUST certification efforts) would appropriately address the threat.
As with WannaCry, only outdated computing networks were vulnerable. There were widely available patches that could have prevented the attack. But as pointed out by Chris Wysopal, Chief Technology Officer at the security firm Veracode, 100 percent of computers must be patched; the new malware has a backup mechanism that allows it to spread to patched computers within the network as well. Wysopal says the attack seems to be hitting large industrial companies that “typically have a hard time patching all of their machines because so many systems simply cannot have down time.”
Issuing a dire outlook based on today’s attack, former CIA chief Leon Panetta said, “we are now living at a time when the use of a sophisticated virus in the cyber arena can virtually cripple our country.” While in agreement with that concern, cybersecurity expert Leeza Garber explained that business continuity is possible even in the face of such attacks, when organizations exercise a level of proactivity. Specifically, she said companies should have:
- Proactive protection of systems against such attacks, and
- Proactive and complete backups of your systems and data. This includes plans for how you can recover those backups and get back to business.