On June 27, 2017, a number of organisations across Europe began reporting significant system outages caused by a ransomware strain referred to as Petya. The ransomware is very similar to older Petya ransomware attacks from previous years, but the infection and propagation method is new, leading to it being referred to as NotPetya. Due to the sudden and significant impact of the attack, it was immediately likened to the WannaCry outbreak, causing concerns globally.
Firms across the globe have been hit by a variant of the Petya or Petwrap strain of ransomware impacting Windows servers, PCs, and laptops. Initial reports suggest this latest attack struck Ukraine first, but it has quickly spread to many other countries including Russia, Spain, France, the UK, the Netherlands, and the US. Currently the attackers are asking for $300 worth of Bitcoins to retrieve access to data; however, there are reports that a business in South Korea has paid $1m to get access.
It’s been a busy week in the security world. On Friday 12th May 2017 the world was hit by one of the biggest ransomware outbreaks in recent times. It reached 74 countries and more than 45,000 systems. By Monday, this was more like 150 countries and 200,000 systems, according to Europol. When a kill-switch was found to disable the virus, it was a matter of hours until new variants were infecting systems at a rate of 3,600 per hour.
On Friday, a cyber attack on an unprecedented scale struck a wide range of organizations in over 99 countries across the globe. The ransomware attack, known as WanaCry or WanaCrypt0r, shut down IT systems in NHS hospitals and GP surgeries in the UK as well as many large global organizations including Telefonica, FedEx and Renault.
For nearly a decade, Avecto's customers have relied on Defendpoint to underpin "traditional AV", next generation AV, machine learning and advanced network-based analysis solutions. Despite notable advances, detection will never reach 100% efficacy.
As another busy year in cyber security draws to an end, our team shares their thoughts on the trends and issues we should keep an eye out for in 2017. How can we stay protected against the latest threats? I asked our experts for their views and we’d be interested to hear your predictions too.
To be clear, a ransomware developer’s goal is not to destroy your data. The main driver is money, and they care about lining their own wallets (usually bitcoin wallets, but this does not make a big difference to you), which means that destroying your data isn’t really the goal they are trying to achieve.
In the tech world recently there have been discussions regarding a new type of ransomware, which has been dubbed “PowerWare”. It has been named this way because, instead of using an exploit to download malicious software to run on the users’ machines and encrypt their files, exploits are used to invoke PowerShell to do the damage.
Locky is the latest in an ever-increasing range of ransomware threats used by cyber criminals in an expanding and increasingly lucrative market. What makes Locky special is that it appears to have come from the same group behind several large Dridex campaigns, showing that they are possibly diversifying their range of attacks.
Earlier this year, a study from IDC and the National University of Singapore (NUS) predicted that enterprises will spend around $500 billion in 2014 on making fixes and recovering from data breaches and malware. In the past few months alone, we've seen Target reveal the cost of its recent breach could reach as much as $148 million. The figures are stark, but for the uninitiated the world of malware and its history is something of a mystery. So, where did it originate? How has it changed? And what does the future of malware look like?