Check Point’s Incident Response Team has identified a new variant of the Petya malware and is offering some key tips on how to avoid being held up for ransom.
Check Point’s Incident Response Team has been responding to multiple global infections caused by a new variant of the Petya malware, which first appeared in 2016 and is currently moving laterally within customer networks. It appears to be using the ‘EternalBlue’ exploit which May’s WannaCry attack also exploited. It was first signaled by attacks on financial institutions in the Ukraine, but soon started spreading more widely, particularly across Europe, the Americas and Asia.
The ransomware is propagating fast across business networks in the same way WannaCry did last month. However, unlike other ransomware types including WannaCry, Petya does not encrypt files on infected machines individually: instead it locks up the machine’s entire hard disk drive.
How the attack happened
The attack started in Ukraine and caused massive disruption to the country’s critical infrastructure, before spreading further in Europe, infecting a number of businesses.
It has been speculated the source of the infection was a compromised software update to a tax accounting software package called M.E. Doc, which was pushed out to the company’s customers, although this has been disputed by M.E. Doc.
Within 24 hours of the attack starting, the method by which victims can pay the ransom fee has been rendered useless: an email address provided by the criminals has been shut down by the hosting provider, while the Bitcoin wallet in which ransoms are supposed to be deposited has not been accessed. The wallet reportedly contains less than $10,000 worth of Bitcoin.
At the same time as the Petya attack, the Check Point research team detected the simultaneous distribution of the Loki bot through infected RTF documents, which install a credential-stealing application to infected devices. However, at this stage, the two attacks do not appear to be directly connected.
Key takeaways from the attack
Check Point believes there are three main takeaways from this latest global ransomware attack:
- This attack could have been avoided, and the ones we will see in the future can be avoided too. With more than 93% of Enterprises failing to deploy the technologies available to protect them from these kinds of attack it is not surprising that they are spreading so quickly. As such business must deploy the solutions that prevent these types of attacks, and keep their security patching regimes up to date.
- It’s time for company, government and organisational leadership to drive the cyber security agenda. These global attacks demonstrate that we need to invest in the future of cyber security. It is critical that modern cyber security technologies are deployed from governmental level down to prevent them happening again. We know that these attacks will continue to happen again and again – so we need to take steps to protect ourselves against them.
- Fragmented security is part of the problem. There are too many disjointed technologies focused on detecting an attack after the damage is done. To address this organisations of all sizes, and in all sectors, need a unified architecture, such as Check Point Infinity, that is focused on preventing the attacks before they hit.
How can you protect yourself and your organisation?
This attack demonstrates two major trends: first, how effectively new variants of malware can be created and spread on a global scale at incredible speed. Second, despite the impact of WannaCry, many companies are still not well prepared to prevent these types of attacks from infiltrating the network.
These attacks have the potential to create massive damage, as seen by the impact on critical infrastructure in the Ukraine. And the consequences of such a rapid spread of infections can have a dramatic effect on day to day lives, crippling critical services and disrupting daily routines.
· Apply all security patches immediately
As security patches for the vulnerabilities exploited by the Petya and WannaCry ransomware have been available for several months, organisations should apply those patches on their networks immediately. They should also ensure that they roll out and apply new patches as they become available.
· Block attacks before they take hold with Next Generation Threat Prevention
Enterprises also need to focus on preventing attacks before they take hold. In these types of attacks, detecting the attack after it has happened is simply too late: the damage is already done. Next Generation Threat Prevention is essential, to scan for, block and filter out suspicious files content before it reaches networks. It’s also essential that staff are educated about the potential risks of incoming emails from unknown parties, or suspicious-looking emails that appear to come from known contacts.
Veeam passes $1bn, prepares for cloud’s ‘Act II’
Leader in cloud-data management reveals how it will harness the next growth phase of the data revolution, writes ARTHUR GOLDSTUCK
Veeam Software, the quiet leader in backup solutions for cloud data management,has announced that it has passed $1-billion in revenues, and is preparing for the next phase of sustained growth in the sector.
Now, it is unveiling what it calls Act II, following five years of rapid growth through modernisation of the data centre. At the VeeamON 2019conferencein Miami this week, company co-founder Ratmir Timashev declared that the opportunities in this new era, focused on managing data for the hybrid cloud, would drive the next phase of growth.
“Veeam created the VMware backup market and has dominated it as the leader for the last decade,” said Timashev, who is also executive vice president for sales and marketing at the organisation. “This was Veeam’s Act I and I am delighted that we have surpassed the $1 billion mark; in 2013 I predicted we’d achieve this in less than six years.
“However, the market is now changing. Backup is still critical, but customers are now building hybrid clouds with AWS, Azure, IBM and Google, and they need more than just backup. To succeed in this changing environment, Veeam has had to adapt. Veeam, with its 60,000-plus channel and service provider partners and the broadest ecosystem of technology partners, including Cisco, HPE, NetApp, Nutanix and Pure Storage, is best positioned to dominate the new cloud data management in our Act II.”
In South Africa, Veeam expects similar growth. Speaking at the Cisco Connect conference in Sun City this week, country manager Kate Mollett told Gadget’s BRYAN TURNER that the company was doing exceptionally well in this market.
“In financial year 2018, we saw double-digit growth, which was really very encouraging if you consider the state of the economy, and not so much customer sentiment, but customers have been more cautious with how they spend their money. We’ve seen a fluctuation in the currency, so we see customers pausing with big decisions and hoping for a recovery in the Rand-Dollar. But despite all of the negatives, we have double digit growth which is really good. We continue to grow our team and hire.
“From a Veeam perspective, last year we were responsible for Veeam Africa South, which consisted of South Africa, SADC countries, and the Indian Ocean Islands. We’ve now been given the responsibility for the whole of Africa. This is really fantastic because we are now able to drive a single strategy for Africa from South Africa.”
Veeam has been the leading provider of backup, recovery and replication solutions for more than a decade, and is growing rapidly at a time when other players in the backup market are struggling to innovate on demand.
“Backup is not sexy and they made a pretty successful company out of something that others seem to be screwing up,” said Roy Illsley, Distinguished Analyst at Ovum, speaking in Miami after the VeeamOn conference. “Others have not invested much in new products and they don’t solve key challenges that most organisations want solved. Theyre resting on their laurels and are stuck in the physical world of backup instead of embracing the cloud.”
Illsley readily buys into the Veeam tagline. “It just works”.
“They are very good at marketing but are also a good engineering comany that does produce the goods. Their big strength, that it just works, is a reliable feature they have built into their product portfolio.”
Veeam said in statement from the event that, while it had initially focused on server virtualisation for VMware environments, in recent years it had expanded this core offering. It was now delivering integration with multiple hypervisors, physical servers and endpoints, along with public and software-as-a-service workloads, while partnering with leading cloud, storage, server, hyperconverged (HCI) and application vendors.
This week, it announced a new “with Veeam”program, which brings in enterprise storage and hyperconverged (HCI) vendors to provide customers with comprehensive secondary storage solutions that combine Veeam software with industry-leading infrastructure systems. Companies like ExaGrid and Nutanix have already announced partnerships.
Timashev said: “From day one, we have focused on partnerships to deliver customer value. Working with our storage and cloud partners, we are delivering choice, flexibility and value to customers of all sizes.”
‘Energy scavenging’ funded
As the drive towards a 5G future gathers momentum, the University of Surrey’s research into technology that could power countless internet enabled devices – including those needed for autonomous cars – has won over £1M from the Engineering and Physical Sciences Research Council (EPSRC) and industry partners.
Surrey’s Advanced Technology Institute (ATI) has been working on triboelectric nanogenerators (TENG), an energy harvesting technology capable of ‘scavenging’ energy from movements such as human motion, machine vibration, wind and vehicle movements to power small electronic components.
TENG energy harvesting is based on a combination of electrostatic charging and electrostatic induction, providing high output, peak efficiency and low-cost solutions for small scale electronic devices. It’s thought such devices will be vital for the smart sensors needed to enable driverless cars to work safely, wearable electronics, health sensors in ‘smart hospitals’ and robotics in ‘smart factories.’
The ATI will be partnered on this development project with the Georgia Institute of Technology, QinetiQ, MAS Holdings, National Physical Laboratory, Soochow University and Jaguar Land Rover.
Professor Ravi Silva, Director of the ATI and the principal investigator of the TENG project, said: “TENG technology is ideal to power the next generation of electronic devices due to its small footprint and capacity to integrate into systems we use every day. Here at the ATI, we are constantly looking to develop such advanced technologies leading towards our quest to realise worldwide “free energy”.
“TENGs are an ideal candidate to power the autonomous electronic systems for Internet of Things applications and wearable electronic devices. We believe this research grant will allow us to further the design of optimized energy harvesters.”