Over the last few weeks/months, the business world has seen significant impacts from CYBER Attacks. RANSOMWARE software “WannaCry” and “NOTPetya didn’t delineate between company size, industry or nation. Many companies found themselves held hostage by “Shadow Brokers” who encrypted their data and then requested a $300 ransom via bitcoin in order to decrypt it and get their data back.
“WannaCry” impacted over 300,000 computers in 150 countries. Although, here in the U.S. the numbers were relatively small due the fact that Microsoft released a patch prior to the incident to counteract this vulnerability many companies were not updated.
The latest attack from “NotPetya” is a more sophisticated version of the Petya Ransomware virus that has been reinventing itself over the last few years, you may also know it as “GoldenEye” (another strain of the virus). This particular RANSOMWARE attack has no permanent fix, although “CyberReason” a Boston-based company has found a way to trick the virus into thinking it already resides on a machine thus preventing the virus from loading. This fix is temporary and companies are scrambling to find a permanent solution. “NotPetya” is particularly devious, it can worm its way through a computer network gathering everything it needs from passwords to credentials and move from device to device causing havoc along the way. You do have one opportunity and only one to subvert an attack in progress. “NotPetya” has a 10-minute delay that it uses to set up a reboot. Computer users will see a False “CHK DSK” message claiming you’re experiencing an error and that the system will be self-checking the integrity of the disk and will be rebooting. If this happens you need to power down immediately prior to the reboot. This is currently the only shot you have to save your data.
The constant barrage of these Ransomware viruses reminds us that we need to stay diligent in our approach to Cyber terrorism.
Here are some best Practices to keep in mind moving forward:
- Backup often: keep a copy of that backup offline and off-site. And encrypt that backup to make it more secure.
- Don’t enable macros in document attachments received via email: It is turned off in Microsoft for a reason – DON’T DO IT!
- Be cautious about unsolicited attachments: If you do not who they are don’t open it.
- Don’t stay logged in as an Administrator for long periods of time: Do what you need to do then get out – don’t peruse your emails, open documents etc. do what needs to be done then get out.
- Install Microsoft office viewer: This allows you to look at excel and word documents without opening them. It doesn’t support macros so you cannot mistakenly enable them.
- Patch early and often: The sooner you patch the fewer vulnerabilities there are to be exploited.
- Stay up to date with new security features in your business applications: a good example of this would be: Office 2016 which now includes a control called “Block macros from running in Office files from the internet”, this helps protect against external malicious content but allows you to continue to use your macros internally.
- Use a good antivirus/antispam/Firewall software: Keeping it updated and running regularly will help decrease some of your risks.
- Disconnect your machine: If you do feel you have an issue disconnect the machine immediately so as to not infect other computers on your network.
- Other Software: utilize other software application like Sophos Intercept X which finding and prevents ransomware from encrypting your files.
- Other best practices: Try Cloud Sandboxing at both the email and web gateways to block threats. Also, Server Whitelisting and lockdown can secure your servers by authorizing applications and what they can and cannot change and update and automatically blocks any malicious action.
- Find a company to manage your devices: If you feel your company is not equipped to manage these yourself find a company that can, it will save you time, money and headaches in the long run.