How to Protect Your Organization from the Petya Ransomware Attack

The DQWeek (Chennai)

The world has transformed significantly over the past couple of decades since the advent of information technology and the internet, both of which have now become a significant part of our lives. All of us are now connected to each other via a series of invisible networks that transcend geographical borders, making us aware of the latest global developments every day as and when they occur.

However, the advancement of the internet has also led to the rise of cyber security threats like ransomware across the world that target both individuals and establishments with dire consequences. Ransomware is a type of malicious software that can block access to any computer system until a ransom amount is paid to the hacker by the affected party. Such software is usually used by cyber criminals to target systems that contain valuable information, which, unless the affected person or organization pays for it, can be misused for nefarious purposes.

Just a few months back, in May 2017, the world woke up to a massive ransomware cryptoworm attack – WannaCry, which targeted computers running the Microsoft Windows operating system by encrypting the data on those systems, and demanded that the ransom be paid in bitcoins, a form of cryptocurrency. It is estimated that over 2 Lakh computer systems were affected by the WannaCry ransomware across 150 countries, with economic damages amounting to more than USD 4 billion according to Cyence.

Following this, as the world began to recover from the after-effects of WannaCry, it witnessed another ransomware attack in June 2017 in the form of an advanced variant of the Petya ransomware, which threatens to ransack the security of organizations across the globe. The attack targeted government systems, domestic banks, and power companies in Ukraine, as well as other large companies in the world. Just like the WannaCry attack, those affected by the Petya ransomware found their files encrypted, followed by a demand of USD 300 in bitcoin as ransom to release those files.

While both ransomware families have a similar delivery method and are spread via online scams and phishing e-mails, it has been suggested that the Petya ransomware likely originates from an already infected application update from a breached software vendor. It uses that as its primary vector because the ransomware payload needs local administrator access, and for infecting successive computer systems. As soon as the Petya ransomware is executed, the infected system's MBR gets overwritten by the custom boot loader, following which a malicious kernel containing a corrupting code is loaded into the system to commence the process of encrypting files within that system.

Judging by the extent of such malicious attacks, the most important question asked by business owners is: Can we save our company from the Petya ransomware attack?

Protecting your organization from Petya Ransomware Attack – Preventive measures

These days, it has become a matter of extreme importance for organizations to take preventive actions in terms of cyber security in a bid to protect confidential data from potential threats, such as the Petya ransomware. The following are some actions that business owners can take to ensure the same:

Deploy latest security patches on all systems – Organizations should make sure to install the latest Microsoft security patches on each computer system, specifically MS17-010, which addresses Server Message Block (SMB) vulnerabilities.

Disable SMBv1 – Disabling SMBv1 can help in preventing malicious software like Petya from spreading to other systems.

Create more awareness among end-users – Organizations should make sure that end-users, i.e. the employees and other staff, are aware of the latest cyber security threats, and are extremely cautious about opening suspicious files, attachments, or links received from unknown senders.

Make sure your anti-virus software is regularly updated – It is important to ensure that the anti-virus software being used to protect computer systems within an organization is regularly updated, as an outdated version will not be able to safeguard systems from advanced malware.

Back up all data – Make sure that all data and important files on local disks have a back-up copy, as most user data can be replicated via shared networks.

Prevent users from writing data anywhere apart from designated areas – Companies should ensure that all computer users within the workplace avoid writing data anywhere apart from the designated areas on the local hard drive to prevent loss of data in case of a potential cyber-attack.

Restrict local administration access – To further limit the possibility of a ransomware attack, organizations can limit or restrict access to local administration to just a few trusted associates.
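An added example, not part of the original article: a PowerShell script that audits two of the measures above (SMBv1 disabled, local administrator access restricted) on a single Windows machine. The `$ApprovedAdmins` allowlist and the `-DisableSmb1` switch are assumptions introduced for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article). Audits SMBv1 and local admin membership.
param(
    # Hypothetical allowlist: accounts expected in the local Administrators group.
    [string[]]$ApprovedAdmins = @("$env:COMPUTERNAME\Administrator"),
    # Assumed switch: turn SMBv1 off instead of only reporting it.
    [switch]$DisableSmb1
)

function Get-Smb1FeatureState {
    # The optional feature is not present on every Windows build, so treat
    # a failed lookup as "NotPresent" rather than aborting the audit.
    try {
        $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
        if ($f) { [string]$f.State } else { 'NotPresent' }
    } catch { 'NotPresent' }
}

if ($DisableSmb1) {
    # Stop the SMB server from accepting SMBv1 sessions.
    if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    }
    # Remove the SMBv1 feature itself; the change completes at the next reboot.
    if ((Get-Smb1FeatureState) -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
}

# Resolve the Administrators group by its well-known SID so the check also
# works on non-English Windows installations.
$admins     = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name })
$unexpected = @($admins | Where-Object { $_ -notin $ApprovedAdmins })

$smb1Server  = [bool](Get-SmbServerConfiguration).EnableSMB1Protocol
$smb1Feature = Get-Smb1FeatureState

# One object per machine, so results can be collected and exported centrally.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    Smb1ServerEnabled = $smb1Server
    Smb1FeatureState  = $smb1Feature
    LocalAdmins       = $admins
    UnexpectedAdmins  = $unexpected
    Compliant         = (-not $smb1Server) -and ($smb1Feature -ne 'Enabled') -and ($unexpected.Count -eq 0)
}
```

Run it without switches first to get a report; before disabling SMBv1, confirm that no legacy device or application on the network still depends on it.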

Apart from the above-mentioned tips, business owners can learn to protect their organization against ransomware by doing online research on recent cyber threats. They can also attend or conduct ransomware webinars to learn more about ransomware infection techniques, and how to strengthen the security and architecture of their company. Additionally, they can learn more about malware at online security hubs for complimentary research and webinars.
