Another Ransomware Attack Threatens the West

Another high risk/high impact ransomware attack has hit Russia, Europe, and the United States. Here’s what you need to know…

A major ransomware attack has crippled businesses in Europe and Russia. The infection is very similar to last month’s WannaCry attack. The worst reports are coming from Ukrainian businesses, with systems compromised at Ukraine’s central bank, state telecom, and Kiev’s Boryspil Airport.

The attack has even affected the Chernobyl nuclear power plant, which had to switch manual radiation monitoring (scary!). Infections have also been reported in more isolated devices like point-of-sale terminals and ATMs.

The virus has also spread internationally. The Danish shipping company Maersk has also reported systems down across multiple sites. The pattern and methodology are very similar here to Wannacry in that the attackers are targeting low tech networks that have invested only bare bones for their IT security making them easy victims.

First reports from a Kaspersky (whom Upward partners with for our client’s security) identified the virus as a variant of the Petya ransomware, although the company later clarified that the virus is an entirely new strain of ransomware, which it dubbed “NotPetya.” Not great since this means that security groups have to find new ways to protect against it.

However, through our research, we have found that Windows Defender, Microsoft Security Essentials, MalwareBytes, and Kaspersky are all capable of detecting and preventing infection caused by this new attack.  Despite news articles comparing this attack to the recent “Wannacry” attacks, this is a NEW malware which requires user interaction to infect your machine and is not the same code as WCry32. So you as a user also can act as your own firewall. Basically, if you see something, say something, and contact us right away.

Petrwrap or “NotPetya” appears to be a run of the mill ransomware program. Once infected, the virus encrypts each computer to a private key, making it unusable until the system is decrypted by the attackers. The program then tells the user to pay $300 to a Bitcoin address.

As far as we know, the attack isn’t over but that it has mostly been held to Europe with few cases in the states. If you think for whatever reason you might be infected or you’re worried that your anti-virus is out of date, please contact Upward Technology asap. We’ll take care of you.

The big take away here is that outdated systems and security applications are what is being targeted. We’ve said it before but another reminder here doesn’t hurt: it is time to ditch any computer you have in your environment that’s older than Windows 8.1 Professional. The security risks in older operating systems have proven to be severe. Contact us today about making a plan to phase out the machines you own that are the most at risk!

If you’d like to know more about symptoms and what action needs to be taken please see this helpful article from Malwarefixes.com.