Petya Problems: How to Protect Your Enterprise from Ransomware

by Ross Dyer

If any cyber threat trend could sum up the year so far, it would be ransomware. The stats speak for themselves: Trend Micro found the number of enterprise infections in the first two months of 2016 was more than triple the number in the whole of Q1 2015. As long as it remains a quick and easy way for cybercriminals to make money, they will stick with it.

Recently we’ve discovered some new innovations going on in the world of ransomware which makes it all the more important that IT bosses revisit their security strategies to minimise the risk of infection. ‘Petya’ is a variant of the crypto-ransomware so popular in cybercrime circles today. But here’s the difference: this version will overwrite a targeted PC’s Master Boot Record (MBR).

This means the victim won’t even be able to boot up their PC. Instead, even before the operating system loads up, the screen will fill with a flashing red-and-white skull and crossbones. As usual, failure to pay up in Bitcoins will lead to the loss of your files forever.

Taking action
Ransomware has the power to disrupt entire organisations by locking users out of key files and systems. But its success in recent months is more an indication of poor IT security than anything else. If organisations put network segmentation in place then they could contain an infection and put an end to the risk of an enterprise-wide IT shut down. Similarly, whitelisting technology would block any unapproved programs from running, stopping ransomware before it has a chance to infect systems.

Always remember to back-up at least one media offline so it’s safe from infection. And disable macros which can also spread malware. User Rights Management and User Access Controls (UAC) will help to further reduce risk and contain any infection. And pay more than lip service to user education. Yes, you need to teach employees not to open suspicious attachments or click on links in unsolicited emails – in the case of Petya it was a malicious Dropbox link. But merely telling staff won’t get the desired response. You need to hire pen testers to attack their inboxes and report the results internally.

It’s a great motivator to be more cautious next time. If we all get better at the cyber security basics, ransomware won’t be nearly as lucrative for the black hats.

 

Leave a Reply

Your email address will not be published. Required fields are marked *