Malware & Ransomware Everywhere: What The Hack?!

1. If you’re stumbling across this post, you’ve likely been researching the latest events to hit the digital world, ransomware. Namely the WannaCry and the Petya ransomware attacks. I’ll spare the fluff and get into the meat.

We thought it would be good to craft an article to help educated our clients and teams on what these threats really are. Although these types of attacks don’t directly impact search platforms, they have ramifications that impact several systems that are all interconnected; from healthcare to banks and financial institutions. As the term “ransomware” implies, these attacks encrypt vital systems and computer data to prevent users from accessing the information. The only remedy is to pay for the system to be decrypted by the same party that encrypted the computer or wipe the system clean. According to many cybersecurity experts, these malware attacks are only the beginning of a growing trend that proactive measures can help stem.

Petya Ransomware Effected ATM in the UK. C/o Telegraph

How Did This Happen?

Malware, ransomware, oh my! They all have the same mission, disrupt with the goal of generating funds to illicit individuals using their computer talents for ‘evil.’ As no one knows what they are really doing with the funds these efforts generate, we can only assume they are up to nefarious no-good with the ransoms or bot network generated revenue. With WannaCry and Petya, the vulnerabilities were identified in Microsoft and Microsoft Office operations.

WannaCry (also known as Wanna Decrypt0r) leveraged an operating system vulnerability in outdated versions of the Microsoft operating system, including Windows XP, Windows 8, and Windows Server 2003 (ref. Fortified Health Security). And, although Microsoft had put a patch out for the vulnerability, some major organizations, such as the National Health Service, neglected to update, and were hit on May 12th.

Petya (also known as Goldeneye and Petwrap) struck the European and Russian areas early today, quickly spreading through systems of networks worldwide, even as far as Australia. With Petya, the system made use of a Microsoft Office vulnerability (again, patched earlier this year CVE-2017-0199) and once it found it’s in, it altered the Master Boot Record. What made this ransomware even more dangerous is it’s ability to use the data on a networked computer to log into other networked computers and propagate further.

Where Did These Infections Come From?!

No one knows just yet. However, based on the code architecture and the way both of these malware attacks operate, it is known that they are built from knowledge gained from the National Security Agency leak of cyber tools. The NSA connection is based on programmed vulnerability, an exploit called EternalBlue, that would give the agency access to systems using the compromised programming. Worser still, there could be other programs waiting in the wings or mining data right now… (ref. The Verge).

The Wrapper

If you’ve been impacted, nothing less than a full factory restart will do. Having regular and secure offline backups is always a good plan. There are several methods for performing backups online as well. For enterprises, there are several resources focused on preventing and being proactive, offering do’s and don’ts with malware/ransomware. The best thing to do is either get a Mac or make sure your computers are updated regularly. Sh!+ will inevitably hit the fan, it’s unpreventable. Being prepared is always step zero. Backing up is step one.