Less than two months after the WannaCry outbreak, the world is faced with another ransomware crisis, this one codenamed Petya. While in the first hours of the outbreak, Ukraine services and networks were the main victims, the virus quickly spread to other countries and areas, including France, Britain, Denmark, and the United States.
The question now is, can the world get ahead of the cybercriminals before a truly devastating attack occurs? Only if we change our overall security practices immediately—and it’s unlikely that’s going to happen.
Ransomware is a kind of malware that encrypts all the files on your hard drive and (obviously) demands a ransom in exchange for the decryption key. Attackers usually receive their payments in bitcoin, which makes them much harder to trace.
Petya (or NotPetya, as some experts call it) retains many of the traits of its predecessor. At the heart of WannaCry’s contagion was a known security bug in the Windows operating system. The vulnerability, revealed by a hacker group that leaked a trove of NSA cyberweapons, was already patched by Microsoft before the WannaCry outbreak.
However, many organizations were not diligent enough to update their systems regularly, and some were still running outdated and unsupported versions of Windows. This contributed to the chaotic spread of the virus across hundreds of thousands of computers in a matter of days.
It seems that the carnage caused by WannaCry wasn’t enough to teach businesses and organizations a lesson because Petya took advantage of the same vulnerability.
But while the world has been slow to respond to the rising threat of ransomware, cybercriminals have not remained idle. The details that have been obtained so far about the new breed of malware show that hackers are getting smarter in developing malware and planning attacks.
Petya/NotPetya is in many ways more powerful and dangerous than WannaCry because it uses multiple techniques to wreak havoc. According to security experts, the malware harvests passwords from the local filesystem or memory of infected computers and uses them to spread to other systems.
Petya also uses administrative tools present on the system to execute malicious commands on other computers in the network. This can be especially harmful if a computer has administrative privileges, and it means that a single unpatched computer can help spread the malware on an entire network, even if the other devices are fully patched and up to date.
Petya’s developers also made sure not to leave a kill switch, like the kind that enabled a security researcher to stop the spread of WannaCry last month.
In recent years, ransomware has become one of the favorite business models for cybercriminals. Cybersecurity expert Mikko Hypponen recently explained ransomware’s rise in popularity at The Next Web Conference.
“For years and years, criminals online have been making money by stealing information and selling that information to the highest bidder,” Hypponen said in his speech. “The change in ransom trojans is that they realize for many types of data, the highest bidder for the data is the owner of the data itself.”
Targeted businesses and individuals often cave in to the demands of ransomware attackers simply because they can’t continue work without access to the encrypted data.
In an interview with Forbes, Jakub Kroustek, Threat Lab Team lead at Avast, said, “One of the perfidious characteristics of Petya ransomware is that its creators offer it on the darknet with an affiliate model which gives distributors a share of up to 85 percent of the paid ransom amount, while 15 percent is kept by the malware authors.”
This ransomware-as-a-service model has opened up the use of this type of attack to a much broader, non-technical audience.
This latest episode shows that ransomware as a threat is here to stay and we’ll likely see more similar attacks in the months to come. If there’s a lesson to be learned here, it’s that everyone needs to up their game on cybersecurity. And Petya is a reminder that one person or party being sloppy at security can harm many others. The hacked website of a Ukrainian software company was allegedly used as a beachhead to spread the virus among thousands of users.
Contrary to what most think, for the most part, cybercriminals don’t use sophisticated hacks or zero-days (vulnerabilities that are unknown to a software’s vendor and for which no patch is available). They invest in human failure: in our laziness in updating our systems, in our tendency to put convenience over security, to choose weak passwords, to enable the “remember me” checkbox, to avoid setting up firewall rules, to leave excessive and unnecessary features in our operating system enabled, and to fail to take many other obvious measures that would avoid creating windows of opportunity for attackers.
As the saying goes in cybersecurity, defenders have to win every battle—attackers only have to win once. It’s about time we took it seriously.