June 27, 2017 archive

New Petyawrap Ransomware Attack Again Highlights Critical Need For Security Processes

Whenever there's a new attack on a global scale, the world trusts the Internet a little less. Today we are concerned with the many reports about this new ransomware attack called "Petyawrap", "Petrwrap" or an older name of "Petya."

The sad fact is: this new attack exploits the same vulnerabilities in Windows systems as last month's WannaCry attack. 

Fixes have been available for most Windows systems since March 2017!

The same tips Niel Harper provided last month to protect against ransomware also apply here.

Dan York

New Petyawrap Ransomware Attack Again Highlights Critical Need For Security Processes

Whenever there’s a new attack on a global scale, the world trusts the Internet a little less. Today we are concerned with the many reports about this new ransomware attack called “Petyawrap”, “Petrwrap” or an older name of “Petya.”

The sad fact is: this new attack exploits the same vulnerabilities in Windows systems as last month’s WannaCry attack. 

Fixes have been available for most Windows systems since March 2017!

The same tips Niel Harper provided last month to protect against ransomware also apply here.

Why haven’t the updates been applied? Often, smaller organizations may not have the needed IT staff. Enterprises may not fully embrace the level of business continuity planning they need. Companies may have legacy systems that are hard to patch.

Many organizations may have thought they were “safe” when they weren’t hit by WannaCry. They may have breathed a sigh of relief – and moved on to other critical needs.

The bad news is that this new attack gets nastier after the initial penetration of a network. Dan Goodin at ArsTechnia relays that the attack payload includes tools to extract user passwords. It can then infect other systems on your network using those credentials. Microsoft has more technical details. Unlike WannaCry, there seems to be no “kill switch” to stop the infections. (See update below.)

As Olaf Kolkman wrote last month in response to the WannaCry ransomware:

“When you are connected to the Internet, you are part of the Internet, and you have a responsibility to do your part.”

But yet as Brian Krebs reports at the end of his excellent piece, a recent ISACA survey found that:

  • 62 percent of organizations surveyed recently reported experiencing ransomware in 2016
  • only 53 percent said they had a formal process in place to address it

These attacks cause significant economic losses. They erode trust in the Internet. They limit the opportunities we all have online.

Collaborative security is a shared responsibility. We all have a part to play. We need to put the security processes in place to reduce these threats. In our companies and organizations. In nonprofits, schools, and community groups. In our homes. In our own actions.

We have the opportunity to shape tomorrow and build a stronger, more trusted Internet. One where ransomware no longer hits on a global scale. 

Read Niel’s 6 tips. Promote the approach of “Collaborative Security“. Develop and implement security management strategies. Ask strong questions inside your organization.

Take action.

The time is now.

——

UPDATE #1 – There are now reports of a “vaccine” in the form of a file you can create on a Windows system to prevent the ransomware from running. This is not a “kill switch” that can apply globally, but it is something that can be done on individual PCs. If the ransomware finds that this read-only file exists, it will not perform its attack on that machine.

——

See also our past articles about the WannaCry attacks:

The post New Petyawrap Ransomware Attack Again Highlights Critical Need For Security Processes appeared first on Internet Society.