It seems that almost every week there’s another ransomware attack warning hitting the news channels. Some of these blow out quite quickly, but others are set to become legend.
The latest ransomware doing the rounds has been called “NotPetya” – this name is to distinguish it from a similar attack (Petya) which hit back in March but is an entirely different strain of software.
NotPetya uses similar attack vectors to the recent WannaCry attack which disabled systems across Europe including many hospitals in the UK. WannaCry exploited a vulnerability in older Windows operating systems which had not been kept up to date with security patches, and NotPetya uses similar vulnerabilities. It is distributed through email messages asking you to open an attachment or click on a link.
According to current reports a number of large organisations have already fallen victim to this latest attack, including shipping giant Maersk, the radiation monitoring systems at Chernobyl, an airport in Kiev as well as POS terminals and ATMs! Suspicion is this ransomware originated in Russia.
NotPetya doesn’t just encrypt your data files – it locks your entire computer! After infecting your computer the system will restart and perform a fake chkdsk function (check disk) following which it will present the ransom page demanding payment.
Don’t pay the ransom! It only rewards the criminals and encourages further ransomware attacks.
Ideally you have adequate security measures in place to prevent these attacks getting through, your systems are kept up to date so that the vulnerabilities are patched, and that you have backups from which you can recover. The best protection is a multi-layered approach – you can read about this here.
If you want to be sure you have the best chance for prevention and recovery then get in touch asap – don’t become a statistic.