Skip to main content
Uncategorised

Malware Monday – Ransomware

By October 2, 2017No Comments

As part of European cybersecurity awareness month, we at Eskenzi PR are doing our part and will be producing a one-off series to promote cybersecurity. Today’s edition is Malware Monday – Ransomware.

 

Ransomware (noun): a type of malicious malware designed to block access to a computer system until a sum of money is paid. A simple definition with catastrophic ramifications.

 

For many unattached from the world of cyber or technology, ransomware is just a meaningless word lost among the catalogue of phrases used by IT professionals. That certainly changed in 2017.

 

Here’s why:

 

On 12th May 2017, a ransomware worm named WannaCry wreaked havoc around the world, infecting hundreds of thousands of systems used by some of the largest corporations including banks, hospitals, airports and utilities.  Shadow Brokers, the cyber criminals believed to be behind the attack, used NSA leaked hacking tools to spread the virus through a Microsoft system flaw. Despite its global reach, the malware had known flaws and within 72 hours, security researchers located a kill switch.  Nevertheless, WannaCry crippled systems in over 150 countries, including the UK, where the NHS was brought to a standstill with systems in majority large proportion of hospitals and facilities being corrupted.

 

No less than a month later, ransomware once again made international headlines. The variant known as NotPetya or Petya or Goldeneye spread like a swarm of locusts, causing devastation to many organisations across Europe and America including the likes of major advertiser WPP and Danish shipping giant Maersk. However, it was Ukraine that was critically hit with utilities like energy and power grids, airports and banks all being taken offline. NotPetya manifested through known flaws within networks that used Microsoft Windows and exploited systems by using a modified version of EternalBlue SMB, the same NSA tool used in the WannaCry attack.

 

Attacks like WannaCry and NotPetya acted as a global wake up call for organisations to take cybersecurity seriously. As it becomes more of a recognized issue and with such severe consequences, cybersecurity can no longer be ignored.

 

Javvad Malik, security advocate at AlienVault has given his thoughts regarding the growing threat ransomware poses, not only now, but in the years ahead, and has given advice on how organisations can prevent their data becoming hostage.

 

“Ransomware has stolen most of the headlines thus far this year and they continue to be a popular attack avenue. What we have seen is a clearer splintering of attacks whereby there are cybercriminals in it for the money that primarily utilise ransomware, and on the other side we have more targeted attacks by highly skilled groups.

 

“We saw the success WannaCry had in spreading with the EternalBlue vulnerability despite there being a windows patch in place. Cyber criminals will continue to use techniques that provide a return on investment until such a time they no longer work, or a readily-available alternative exploit becomes available. So, we can probably see malware gradually evolving over the coming year at the same rate as had been so far and unlikely to see a massive change in direction.

 

“A lot of preventative measures come down to employing fundamental security practices. This includes good patch management, network segregation, maintaining backups, and having good threat detection controls in place.”

 

FYI: ransomware has been identified as being the top threat facing computer users by the European policing agency, Europol!

 

By Rohit Chavda, Account Executive