
Not Petya

There have been news articles upon news articles about recent ransomware attacks, using malware that encrypts the user’s data and asks for Bitcoin in exchange for getting the files back. For the most part, there hasn’t been a lot of variation in the function of the ransomware that has hit headlines, except for one piece of malware: NotPetya.

NotPetya differentiates itself from the rest of the ransomware crowd by being… not Petya. Or ransomware at all, for that matter. Unlike ransomware, including its namesake, Petya, NotPetya completely overwrites files, making recovery impossible. That doesn’t stop the malware from demanding payment; however, unlike with typical ransomware operations, there is absolutely no hope of recovering your data, payment or not. Research performed by Matthieu Suiche suggests that the code related to the ransom notes, including the generation of ID numbers, exists merely to provide the illusion that recovery is possible should Bitcoins be paid out.

The existence of such wiper malware can perhaps be seen as an inevitability: if malware can encrypt your drives, there is nothing to stop the data from being stolen or wiped completely. There were many similar outbreaks in the late 90s, when ransomware and particularly wiper malware similar to NotPetya were widespread issues in the IT industry.

The continued existence and proliferation of such attacks should be seen as a cautionary tale for system administrators. Applying updates, putting sensible Software Restriction Policies in place, and performing and testing regular backups will go a long way towards protecting your company from ransomware and wiper malware attacks.

Mitigations

Ensure employees are aware of ransomware and its dangers through regular training and phishing campaigns.
Train employees to question the validity of emails and not to open suspicious, unexpected attachments.
Disable macro scripts within Microsoft Office.
Manage the distribution of privileged accounts. Only use administrative accounts when absolutely necessary.
Have a robust and frequent data backup strategy in place. Ensure backup data isn’t attached to the network. Always keep a backup offsite and offline.
Rename sensitive file extensions to something unique (.doc to .file). This will prevent ransomware from encrypting the document.
