Earlier this summer, another ransomware attack halted thousands of businesses around the world. Although there were attacks on a variety of US and European devices, the main focus of this attack was government, bank, and electrical companies in Ukraine. The hackers even went as far as to take down Chernobyl’s radiation monitoring system, forcing employees to manually monitor levels of hazardous radiation. This attack has been referred to as “Petya” across many channels, as it was thought to be a resurgence of an existing attack. In reality, it is a new virus that mimics some of the original attack’s code. And although there is a prompt for payment, the goal of this virus isn’t monetary. This blog is to help you learn more about the computer virus that shut down the national Bank of Ukraine and other critical government agencies.
This assault originated in financial software which used throughout Ukraine and spread first to the clients who were victims of a malicious link claiming to be a software update. Other hacks were carried out through phishing emails with various links that were used to lure victims. Some of these system vulnerabilities, known as EternalBlue, were identified during a rumored leak from NSA documents. Similarly to the code that was used in the “WannaCry” attack, this attack targeted only Microsoft computers. Once the virus was transmitted to a user with administrative capabilities, it gained the opportunity to execute commands on all of the network’s machines. The hackers then carried out an encryption of each machine’s files and restricted access to the windows platform. This way, when the computers were re-started, they would only show the notification of the hack, the monetary demand, and instructions for payment, which users falsely believed would result in their system’s restoration.
When users received a notification of the breach, a random string of characters was generated which was meant to mimic other attacks which produced a unique code that users would use to retrieve a correlating encryption code. However, unlike typical ransomware, these numbers didn’t align with an encryption key that could be entered to restore all of the information. With or without the payment, a majority of the data was transformed into an unreadable and unsalvageable format. This makes it clear that those who carried out the attack didn’t have monetary goals and were instead seeking to cause as much damage to these businesses as possible.
So, how do you prevent attacks like these from happening to your business? Implementing the latest software updates, utilizing 24/7 network protection, and monitoring your infrastructure is a start to ensuring your systems aren’t affected. During this preparation, it is also critical that you put a proper backup and disaster recovery plan in place. This will ensure that if your systems are compromised, you will be able to restore the information easily and completely. To learn more about how you can help protect your business from these vicious attacks, contact us today!
To find out how we can help your organization, please contact one of our friendly sales representatives for a review of your system and a comprehensive (No Obligation) proposal of services. Call today toll-free at 800.614-7886 [Austin | Houston | Dallas | San Antonio] or email us at firstname.lastname@example.org.