The latest global cyber attack with the NotPetya ransomware is a testament to the fact that the world is currently under siege by hackers. The sad news is that this is only the beginning.
Although it was originally believed that this was an infection with the Petya ransomware, which was discovered last year, it quickly became obvious that the two only shared some code and had completely different purposes. While Petya was built to extort money out of people hoping to get their files back, the new infection is here just to wreak havoc.
The attack has affected countless companies across Europe and the US, although Ukraine seems to have taken the brunt of it all, with numerous businesses being affected, as well as the country’s power provider.
Security researchers have managed to pinpoint the source of this entire nightmare – accounting software M.E.Doc, which seems to have suffered a breach. Police say that, following a software update pushed on June 22, the update servers on June 27th pushed out a small download to customers that unpacked a malicious RUNDLL32.EXE.
NotPetya wreaked havoc around the world and it wasn’t even for monetary purposes
News about this particular infection comes just weeks after WannaCry ran rampant across the world. Similarly to that ransomware, NotPetya can use NSA’s EternalBlue to get inside a computer. Alternatively, it can trick a user logged in as an admin into running a malicious email attachment that installs and runs the malware.
Basically, NotPetya uses an SMB exploit to get into a system and then uses PsExec to spread through the network. A single vulnerable machine on a network is therefore enough to leave you with a large problem on your hands.
Unlike WannaCry, however, NotPetya is here to create havoc. The malware will encrypt people’s files, but there’s no way to decrypt them for now, not even if you decide to pay the ransom. The $300 worth of Bitcoin demanded by the authors was supposed to be paid after you sent an email to a certain address, an address that was taken down fast, leaving victims unable to send the attackers their personalized codes. This, obviously, is something the hackers should have known was going to happen, which indicates there was no real desire to amass a fortune by spreading this malware.
There are many voices in the cybersecurity world that believe this attack was state-sponsored. Two factors contribute to this belief. The first is that the hackers didn’t really want to earn money out of this whole affair, and the second is that the most damage it did was in Ukraine, which could indicate Russia was driving this nightmare truck.
Thankfully, if you update your Windows system, which you should have done months ago, you should be safe from this attack. Well, that and if you don’t click on any suspicious links you get, although it’s only a theory at this point that the NotPetya malware also spreads via infected emails. Having an anti-malware solution on your computer also helps since most have already updated to detect this infection.
There’s also the added protection given by creating a read-only file C:\Windows\perfc.dat on your computer, which researchers claim prevents the malware from encrypting your data, although it doesn’t stop it spreading on the network.
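One way to put that marker file in place and confirm it is read-only, as an added example that is not from the researchers or the original article. `Set-PerfcMarker` is a hypothetical helper name, and the script assumes an elevated PowerShell prompt, since it writes under C:\Windows.

```powershell
# Added example: create the read-only marker file named in the article.
# Set-PerfcMarker is a hypothetical helper name, not part of any product.
function Set-PerfcMarker {
    param(
        # Path taken from the article; override only when testing elsewhere.
        [string]$Path = 'C:\Windows\perfc.dat'
    )

    # Writing under C:\Windows needs administrative rights; fail early if missing.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
    if (-not $principal.IsInRole($adminRole)) {
        throw 'Run this from an elevated PowerShell prompt.'
    }

    # A directory with this name cannot serve as the marker file.
    if (Test-Path -LiteralPath $Path -PathType Container) {
        throw "$Path exists but is a directory."
    }

    # Idempotent: create an empty file only if nothing is there yet.
    $preExisting = Test-Path -LiteralPath $Path -PathType Leaf
    if (-not $preExisting) {
        New-Item -ItemType File -Path $Path -ErrorAction Stop | Out-Null
    }

    # Set the read-only attribute, then re-read it to verify it took effect.
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true -ErrorAction Stop
    $item = Get-Item -LiteralPath $Path

    # A pre-existing, non-empty file was not created by this script;
    # review it rather than assuming it is a harmless marker.
    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Path        = $item.FullName
        PreExisting = $preExisting
        Length      = $item.Length
        ReadOnly    = $item.IsReadOnly
    }
}

Set-PerfcMarker
```

The returned object can be collected across machines to confirm which hosts have the marker in place; as the article notes, it does nothing to stop the malware spreading on the network.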
That being said, it’s obvious that ransomware has become the go-to weapon for hackers looking to make a quick buck. Although Windows users are the ones most targeted by this type of malware, Mac users have also encountered some threats. Android users are also targeted by such infections, although Google’s systems are somewhat good at detecting infected apps in the Store. Installing apps from third-party stores, however, is a gamble.
Most ransomware, however, doesn’t spread with the same speed as WannaCry or NotPetya. This happens mostly because malware spreading at such a wide scale will not bring the attackers any profits because the entire cybersecurity community will work together to put an end to the attack and find solutions to help the victims. When so many specialists work together, a solution is always found.
The latest attack, however, is proof that this is the direction that our world is headed – mass cyber attacks just for the fun of it. Neither the WannaCry attackers nor the people behind this latest issue have made any real money out of it, but they did manage to mess up the lives of numerous individuals whose computers are now on lockdown.
Large-scale attacks will continue to pop up every now and then until we become desensitized to the whole idea, until we consider them to be the new normal, much as has happened on numerous other occasions.
It should also serve as an alarm that the world needs more education when it comes to cybersecurity. People need to learn to avoid clicking on just any link they’re sent via email or messenger; they need to learn to update their operating systems, because that means increased security; and they need to learn that antivirus solutions can and will save their data from being lost to hackers. Software solutions, however, can only help people to a certain extent, and they should act more as a backup plan.