Second Massive Ransomware Outbreak Hits Businesses Around The World



On the heels of the WannaCry ransomware attacks last month, a second massive ransomware outbreak on Tuesday is once again putting the dangers of ransomware front and center on a global basis. 

Some of the first reports of businesses hit by the attack came out of Ukraine, with reports of systems compromised at the country's central bank, state telecom, local metro, electricity supplier, and airport.

The attack also appears to be going global, with reports of businesses affected in Russia, Denmark, Spain, the United Kingdom and the United States. Companies in the U.S. affected include DLA Piper and pharmaceutical giant Merck.


The attacks come on the heels of a massive outbreak of ransomware last month, with WannaCry ransomware hitting more than 200,000 computers around the world, including high-profile hits on the United Kingdom's National Health Service, telecom companies and major corporations like FedEx. Attacks using WannaCry ransomware are still ongoing, with cyber risk analytics platform provider Cyence predicting damages could reach $4 billion globally.

The most recent ransomware outbreak doesn't appear to be the same strain of malware as WannaCry, with one researcher at Kaspersky Lab identifying it as a strain of the Petya ransomware called Petrwrap. It is not yet clear exactly which type of ransomware is behind the attack, though, with some reports saying it could be an entirely new strain. Reports on Twitter of the ransomware attack show demands for $300 worth of bitcoin in exchange for the encryption key to decrypt compromised files.

Partners said these incidents, combined with the WannaCry ransomware attacks last month, have put ransomware front and center with clients. How the attacks are spreading isn't immediately clear, though some reports say the attacks exploit SMBv1 vulnerabilities, similar to WannaCry, and could leverage the EternalBlue exploit.
 
"This recent attack proves that no organization is immune to cyberattacks, and further underlines the need for them to adopt in-depth defense policies that allow breach detection and action to take place much quicker, protecting both sensitive data and business reputation," Unisys Chief Security Architect Salvatore Sinno said.

Sinno said the attacks are evidence of "the need for vigilance to safeguard information, critical systems, and financial data." While urging organizations to ensure they had sufficient backups, anti-virus, and patching protocols, he also said the outbreak highlights the "limitations of perimeter security models."

Rick Grimaldi, chief strategy officer at Brookline, Mass.-based K logix, said customers need to take a more proactive stance when it comes to these ongoing global ransomware attacks if they don't want to become victims. He said that includes both detection and response capabilities.

"A proactive and fundamental information security posture is key," Grimaldi said.

Grimaldi recommended customers look at solutions for data backup and recovery, vulnerability and patch management, auditing of identity and data use, advanced controls for endpoint security and file integrity monitoring, least privilege principles and multi-factor authentication, and user security awareness training.
