Petya: Another mass ransomware attack on business
Many organisations in Europe and the US have been crippled by a ransomware attack known as “Petya” or, more accurately, by an altered version that has been labelled NonPetya or not-Petya. The malicious software has spread through large firms including the advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk, leading to PCs and data being locked up and held for ransom.
The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, according to the Ukrainian cyber police. This explains why so many Ukrainian organisations were affected, including government, banks, state power utilities and Kiev’s airport and metro system. The radiation monitoring system at Chernobyl was also taken offline, forcing employees to use hand-held counters to measure levels at the former nuclear plant’s exclusion zone. A second wave of infections was spawned by a phishing campaign featuring malware-laden attachments.
Unlike WannaCry, this version of Petya tries to spread internally within networks, but does not seed itself externally. That may have limited the ultimate spread of the malware: the rate of new infections seems to have decreased overnight.
Many well-regarded experts claim that the not-Petya ransomware wasn’t “ransomware” at all, but a “wiper” whose goal was to destroy files, with no intention of letting victims recover them.
Regardless of what form of malware NonPetya is, it is another example of why businesses (and consumers) should be taking cyber security seriously. We highly recommend that all your PCs are kept up to date and an anti-virus solution is used.
What most small businesses neglect is a proper backup solution. If you are hit with ransomware and have no backup you will have to pay the ransom or lose all your work and important data. In the case of NonPetya, you might just lose all your important data.
Many companies think Google Drive, Dropbox or similar services are backup solutions, but they are not. They are synchronisation solutions, and it is extremely easy to delete files from one client, which will then affect all other clients. For software, we recommend a solution such as Backblaze or CrashPlan. These carry out true backups and encrypt the data with bank-level security.
Recovering data from these services can be slow, so we generally recommend a local backup used in conjunction with a remote backup such as Backblaze. In this case, Network Attached Storage (NAS) servers such as Synology are amazing purchases for small businesses: they act like cloud services but are physically located on your property. With a Synology NAS you can be working on your important work files as soon as you have access to a non-infected PC.
If you would like help implementing a proper backup solution, or would just like IT support in general, then feel free to contact us on 01253 963 016 or via the form below.