Fallout from today’s attack could dwarf Wannacry’s
A ransomware attack like May’s Wannacry struck thousands of computers across the world today, taking sensitive data hostage and demanding $300 in Bitcoin per terminal to release it. As of this moment, incidents are concentrated in Russia and Ukraine, but have also been reported in Britain, Romania, the Netherlands and Norway.
The malware, dubbed GoldenEye, could strike in the US. The U.S. Department of Homeland Security is on high alert, monitoring the attacks and bracing itself for possible widespread disruptions stateside.
“GoldenEye is exploiting the same vulnerabilities as Wannacry,” Vaultize CTO and co-founder Ankur Panchbudhe said. “But its scale could be much larger, its monetary impact globally more painful, as it could sweep through the US and other Western countries as the day goes on.”
According to the Reuters news network, the ransomware took down servers at Russia’s largest oil company, wreaked havoc at Ukrainian banks and disrupted operations at the Danish shipping company A.P. Moller-Maersk, which manages 1 out of every 7 freight containers worldwide. Government agencies were also affected – Swiss terminals in India were hijacked.
Affected companies may have failed to heed warnings after Wannacry
GoldenEye appears to be targeting the same or similar vulnerabilities leveraged by Wannacry last month, and many companies that took care to beef up IT and data security in its wake might be safe from today’s attacks.
Still, with over 80 companies and counting reporting problems, it’s clear that many didn’t act quickly enough or at all to safeguard their sensitive data and customer information. GoldenEye is believed to have spread through phishing emails, so email security at affected organizations may also be lax.
Today’s ransomware, originally believed to be a variant of the Petya ransomware family, sports two layers of encryption that are frustrating researchers attempting to design a workaround for impacted businesses.
"There is no workaround to help victims retrieve the decryption keys from the computer," a representative at the Romanian security company Bitdefender said in a Reuters report.
Ransomware defense: endpoint backup and OS updates
Installing recent Windows patches designed to shore up weak points exploited by Wannacry may have kept some businesses safe from today’s attacks, but the best defense against ransomware attacks is endpoint backup.
By backing up data on all endpoints that may contain sensitive information, IT can simply roll back systems to versions before the malicious software gained entry. It’s a simple solution.
Vaultize is an innovative data security company that allows customers to track and control their documents from creation to deletion on any device, anywhere. From CYA to compliance, Vaultize provides data protection without restricting use. Vaultize’s platform utilizes DRM and encryption to secure any and every file, protect those files no matter where they travel, and provide visibility into who is accessing them and how they are being used. The Vaultize platform is nearly transparent to users, scalable and flexible to deploy. For more information, visit www.vaultize.com.