Posted on 5/07/2017 by Jay Banghar
Are we WannaCry-ing all over again?
The latest ransomware attack that shook up the Cybersecurity world last week evokes a strong feeling of Deja Vu.
On the morning of June 27th, the first wave of cyberattacks were spreading fast against Ukraine’s critical infrastructure which were in aviation, banking and electricity. Affected systems were widespread and included Ukrenergo, Ukraine’s electric transmission company, and Kyivenergo, the electric transmission company serving Kiev region.
The new offending malware uses the same worm-based approach as WannaCry and is going by several names. Noting similarities with the Petya malware, many security researchers have simply declared it as ‘Petya’, while others called it ‘NonPetya’ or ‘GoldenEye’, which was a variant of Petya. Kaspersky Lab found similarities with a Petya modification and has dubbed it ‘ExPetr’.
Petya vs WannaCry - How do the two ransomware stack up?
Unlike the recent WannaCry attack, Petya appeared to be targeted, where it does not spread over the Internet from infected victims to the vast majority of Internet users. Security experts believe Petya is being ‘forced’ into businesses and enterprises, before being rapidly spread within, to do damage to the business and its supply chain.
Both WannaCry and Petya attack through ‘phishing’ and security firms confirmed that Petya was infecting Windows systems through the Eternal Blue exploit with unpatched server message block vulnerability, thus encrypting the victim's’ files. This was similar to that of WannaCry’s strategy.
However, according to cybersecurity experts, Petya is more dangerous and intrusive than WannaCry as unlike WannaCry that encrypts a computer’s files, Petya encrypts a segment of the hard drive, making the computer inoperable. Also, Petya had the ability to extract passwords from memory or the local file systems, before moving on and infecting other systems, thus making it very easy to spread and dangerous.
Petya - A Wiper, not Ransomware?
Interestingly, perpetrators behind Petya may not be after monetary gains after all. After an analysis of the encryption routine of the malware used in the Petya attacks, cybersecurity experts concluded that the Petya threat could not decrypt victims’ infected disk, even if a payment was made. This then supported the notion that the Petya malware was not designed as a ransomware attack for monetary gain, but appearing to have been designed as a ‘wiper’ pretending to be ransomware. While ransomware only encrypts files until the ransom is paid, a ‘wiper’ is designed to completely destroy the computer system.
Both WannaCry and Petya seem to be part of ‘sneaky’ new strategies of taking advantage of newly discovered vulnerabilities with widespread global cyberattacks and increasingly destructive ‘payments’. They could potentially be the start of a new ‘wave’ of attacks in the future cybercrime world - ‘ransomworms’, making the situation extremely worrying.
Ask yourself: Are YOU prepared for this ‘wave’?
What’s very familiar is the finger-pointing and the blaming. WannaCry should have been the wake up call, but the fact that Petya spread just as rapidly proved that that organisations may not yet be fully prepared with the necessary cybersecurity talent to handle the implementations and patches.
This is where we help. At SearchElect, we pride ourselves in providing highly skilled Cybersecurity talent from our database of over 9000 Cybersecurity professionals across Asia.
Find out how SearchElect can help YOUR organisation protect itself from future 'Petyas' and 'WannaCrys' with TOP Cybersecurity Talent.
Looking forward to hearing from you.
+65 6589 8787