Barely a month has gone by since the ‘Wannacry’ ransomware attack took place. Thousands of businesses of all sizes across the globe were affected with reports of over 200,000 computers affected. Some businesses or individuals paid the US$300 Bitcoin ransom demand to get back data that was encrypted and they were locked out of. A ‘kill-switch’ was soon identified and the attack was shut down.
Now, a fresh attack is taking place, dubbed ‘Petya’ or ‘NotPetya’ or ‘GoldenEye’. Again users are locked out of their data with hackers demanding payment of US$300 in Bitcoin to return affected data. Though with only a small amount of ransom payments being received, there are suggestions that this latest attack may not be a true ransomware attack, instead being intended as a purely destructive or politically motivated attack.
Either way, we are again seeing a company-wide crippling of computer systems in some of the world’s largest organisations such as Maersk and TNT, with Australian offices not immune to this latest round of cyber-attacks. Cadbury’s Hobart factory was shut down for over 24 hours.
What exactly does this cyber-attack look like?
- An email containing the virus is opened
- The virus encrypts and locks all files on the computer
- The virus then spreads across the network – followed by ransom payment demands
What can your business do to reduce the impact of a cyber-attack?
The ‘Wannacry’ attack should have served as a wake up call to businesses to ensure that:
- Their operating systems were up to date to help combat future attacks,
- There are adequate preventative measures put in place to reduce the risk of cyber-attack and;
- A comprehensive disaster recovery plan is in place to ensure their business resumes full operations as quickly as possible.
However, with more businesses being affected, it appears the learnings from the May 2017 cyber-attack have not been adopted to combat this next attack.
Take a look at some of the basic steps, that if implemented, would help your business minimise the effects of a cyber-attack:
- It is a proven fact that with both the ‘Wannacry’ and ‘Petya’ attacks, computer network that were updated with the latest Microsoft Windows updates, were not affected by these attacks. Microsoft had already releases patches to fixes these known bugs some two months earlier – How often do you update your operating systems on your computer network / servers or PC?
- If you aren’t an expert in identifying every single piece of ransomware, malware, virus or other nasty that is being emailed through to you – invest in a quality anti-virus program. The features in built into anti-virus programs offered by our partner Sophos, can detect and block malicious emails BEFORE they hit your inbox.
- Too many businesses don’t back up their data. Back up your data. Avoid the potential loss of time and money by having a secured, off site data back up solution in place. If one of the data back up solutions you have in place is to an external drive – ensure that when you hear about a new major cyber-attack, unplug your external back up drive and replace it with the next back up drive in your drive rotation.
- Invest the time to regularly train your staff so that they know how to identify malicious emails. Don’t open suspicious emails. Don’t open unfamiliar links or emails from untrusted senders. Always check the sender’s email address to ensure that this matches to the web domain of the intended sender.
If you are unsure whether you are adequately protected by your current I.T. service provider or need help to start implementing the above strategies in your business, ask Citcom. We can help guide you on the right way forward.
Michael Wojtowicz
Citcom Professionals Australia