When we say “It’s when, not if,” we mean it.

GoldenEye, a new strain of the Petya family of ransomware, turned the digital world on its head Tuesday morning after initiating from a cyberattack in Kiev, Ukraine.  From there, it spread to the country’s electrical grid, airport, and government offices.  At the Chernobyl nuclear disaster site, workers had to monitor radiation manually because of the attack.  And then it went global, affecting thousands of systems across the globe, including large multi-national corporations like Maersk, Rosneft and Merck.  

Sound familiar?

When the Wannacry ransomware tore through the UK and Europe last month, ransomware attacks were nothing new. But WannaCry had a secret weapon — a sophisticated software exploit known as EternalBlue. Developed by the NSA, EternalBlue was nation-state level weaponry used against civilian targets, much like using an Army tank to break into the local credit union. Just 44 days later, GoldenEye accomplished damage just as widespread, but with new tricks up its sleeve including new worm capabilities that allows it to move across networks. WannaCry had a kill switch (a possibly unfinished feature meant to help the ransomware avoid analysis) that allowed researchers to drastically reduce the spread. So far, GoldenEye shows no signs of containing such a glaring error.

WannaCry spread between networks across the internet, relying on EternalBlue to get in and hit systems that hadn’t yet downloaded Microsoft’s patch for that vulnerability. GoldenEye also targets devices that still aren’t secured against EternalBlue, but it can also deploy other infection options. For example, the attackers seem to be spreading the ransomware through the software update feature of a Ukrainian program called MeDoc, and possibly through Microsoft Word documents laced with malicious macros.

A comprehensive solution is critical.

These hackers are using automatic software updates to spread the virus throughout your network. That means even if you’re a responsible user on an updated computer, you could be vulnerable to infection.  It also means that one or two security measures, like a basic firewall or regularly updating software, are not enough to truly secure your network.

These widespread attacks are going to keep on coming.  The strains of ransomware are getting more sophisticated, making more money, and being sold as tools. And organizations are leaving themselves vulnerable.

How vulnerable is your company? How prepared are you for the next widespread attack? Do you have the proper system defenses in place? How quickly will you be able to detect an intrusion? And how rapidly can you respond and recover?

We can tell you.

SLPowers, in partnership with our sister company, TRUE Digital Security, has developed a Ransomware Readiness Assessment to help you address this growing security threat, and identify gaps for remediation.

We’ll evaluate your organization’s preventive, detective, and corrective controls, and highlight shortcomings that make you more vulnerable.  Just give us a call. 

Categories: Current News and Events, Data Security, Hackers, Internet Security, Malware, Managed Security, Security Breach, SLPowers