Custom Search
 


Ransom demand received by an enterprise yesterday
 
 
Renewed wave of cyberattacks reveal more complex agenda

The new Ransomware unleashed on Tuesday,   is more lethal on the systems it attacks -- and the financial  motive is unclear
Bangalore, June 28 2017: The   assault on computers worldwide  which began in the Ukraine on  June 27, appears on a superficial level,  to be a  replay of the  scenario that prevailed at the so-called 'WannaCry' attacks  six weeks ago. (See previous story).
Once more corporates in a wide swath from the US to Russia to Scandinavia to Australia, and including India,  have  had their systems go down or  access to their data blocked. In  many --  but not all -- cases, this is accompanied by  a demand to pay a ransom of the equivalent of $ 300 in bitcoins, to restore the deliver a key that restores computers to working order.
Last time around, in mid May, it hinged on vulnerabilities of Microsoft's  Windows XP systems which had not applied the latest patch. This time the malware is more malicious: it attacks  and encrypts the Master File Table ( MFT) of the hard drive and effectively  destroys the Master Boot Record ( MBR) which means you cannot boot up the computer. The attackers are  demanding that victims send their wallet numbers by e-mail to “wowsmith123456@posteo.net” and at the time of writing some 25  victims seem to have done so, remitting about $6000. This does not seem to be big enough money to make it worthwhile -- so analysts are suggesting the initial attacks -- mostly in the Ukraine where all ATMs in the capital Kiev,  stopped working - may be a political attack against the Ukrainian government: It occurred  a day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the Soviet Union.
But that does not explain why an assortment of global enterprises have also reported being affected -- Russia’s top oil producer Rosneft, Danish shipping giant A.P. Moller-Maersk, pharmaceutical company Merck & Co, German postal and logistics company Deutsche Post, French construction materials company and float glass maker Saint Gobain, Netherlands-based shipping company TNT and a unit of candy manufacturer  Cadbury. 
Computers  at the India-based  operations of  German company Beiersdorf AG , the maker of Nivea skincare products and the  Indian unit of British consumer goods company Reckitt Benckiser  maker ofDettol and Lysol, have been reportedly  attacked.

Ransom-as-a-service
Initially, the attack  was said to be using the malware known as Petya (  which means Little Peter in Russian). Chillingly, Petya is available for sale  on the so-called Dark Web. Anyone can buy it and get started down the path of  demanding ransomware.  This is being cynically dubbed "Ransom as a service" on the  analogy of "Software as a Service".   If so it will make detection that much more difficult since like a hydra-headed monster, multiple baddies could be  cloning the initial attack.
However Kaspersky the Russia-based net security company, says this is not Petya  and indeed, has dubbed in 'NotPetya' although it  uses the  same technology called EternalBlue, hacked from the US national security agency. It also warns that paying the ransom may be futile, since the perpetrators seem not to be interested in  keeping  their word.
So what to do?  Presumably most enterprises keep a back up of data. The way to recover without succumbing to the cyber crooks is to  disconnect the system from the Internet connection,  reformat the hard  disk  and re load data from the back up, while ensuring the latest anti-virus and net security  tools have been activated.

 




    


Post Your Comments Now
       
  Name  
  Email  
  Comment