Washington, D.C. – The world was hit with another widespread ransomware attack on Tuesday morning. Early reports suggest the virus, potentially related to an existing strain of malware called Petya, is spreading rapidly from Europe to the U.S. and countries around the world (New York Times; NPR). As in many cybersecurity incidents, little is known yet about the actors and the motivation behind this event, although a $300 bitcoin ransom is being requested to decrypt files. It may take some time to fully attribute the attack to a specific source.
This is the second large-scale ransomware outbreak in the last three months, following WannaCry in May. Ransomware is not new. The first case of encrypting files and demanding payment was in 1989. Ransomware attacks have been increasing as cybercriminals become more sophisticated and as crypto-currencies create a vehicle for non-traceable payments.
“On the heels of WannaCry, we yet again see the vulnerability of connected systems across the globe. Today’s attack hit critical infrastructure—finance, transportation, manufacturing and more,” said Michael Kaiser, executive director of the nonprofit National Cyber Security Alliance in Washington, D.C. “It is much more than an inconvenience. We are more dependent than ever on the data stored across our computer systems. It is our shared responsibility to do our part in keeping devices secure. It all starts with basic cyber hygiene around software updates and locking down logins.”
“Prevention is clearly the goal,” adds Kaiser. “However, organizations and individuals should also be prepared to respond to and recover from an attack to minimize downtime and disruptions.”
There are defenses that can help to prevent ransomware infections. Basic cyber hygiene can provide significant immunization against such attacks, including:
- Keep clean machines: Prevent infections by updating critical software as soon as patches or new operating system versions are available. This includes mobile and other internet-connected devices.
- Lock down your login: Strong authentication — requiring more than a username and password to access accounts — should be deployed on critical networks to prevent access through stolen or hacked credentials.
- Conduct regular backups of systems: Systems can be restored in cases of ransomware, and having a current backup of all data speeds the recovery process.
- Make better passwords: In cases where passwords are still used, require long, strong and unique passwords to better harden accounts against intrusions.
- Check with your software vendors: In the wake of an attack of this nature, software vendors may issue patches or other solutions to eliminate specific vulnerabilities discovered during the attack. Implement those fixes as soon as possible.
A good starting point for any organization is implementation of the National Institute of Standards and Technology (NIST) Cybersecurity Framework. By addressing five easy steps — Identify, Protect, Detect, Respond and Recover — businesses and organizations can begin to craft a holistic approach to cybersecurity.
Other helpful resources include:
- Stay Safe Online: https://staysafeonline.org/re-cyber/
- The Federal Trade Commission’s (FTC’s) Start with Security: https://www.ftc.gov/news-events/audio-video/video/start-security-free-resources-any-business
- The No More Ransom Project: https://www.nomoreransom.org/
- The Department of Homeland Security (DHS) Critical Infrastructure Cyber Community or C³ (pronounced “C Cubed”): https://www.us-cert.gov/ccubedvp