Comment provided by Andrew Douthwaite, VP Managed Services VirtualArmour.
What we know
On the heels of the “WannaCry” attack and as businesses and governments are in the midst of beefing up their cybersecurity standards another attack has occurred.
The ‘Petya’ ransomware outbreak started in Eastern Europe with first confirmed cases in Ukraine & Russia. It has subsequently been spreading West over the course of the day. Originally believed to utilize aspects of an existing ransomware (Petya) to perform its malicious activities, it is now believed to be an entirely new type of ransomware.
“It has been confirmed that the attack is using modified parts of the EternalBlue vulnerability which was leaked in April.” said Andrew Douthwaite, VP of Managed Services at VirtualArmour. “Similar to “WannaCry” this ransomware has Microsoft certificates which could be used to install programs without prompts from the user due to the installers being trusted by Window’s machines.”
“We are advising that businesses which haven’t yet shown signs of a breach notify all staff immediately in order to mitigate chances of them inadvertently triggering a breach. This will often occur through clicking links within phishing emails which grants access to the malicious software.” says Douthwaite. “Businesses which haven’t had recent system updates will remain at risk and we suggest that any Windows devices which haven’t been updated to the latest available version of the operating system be disconnected from the network immediately.
We believe that the severity of attacks of this nature will continue to increase and projections are that costs of damage they cause this year alone will reach $5 Billion*.”