The global ransomware epidemic is just getting started – CNET

Photo: The Petya ransomware spread across the world on Tuesday at an alarming rate. (Donat Sorokin/TASS via Getty Images)

Thousands of computers around the world are being locked up by a fast-spreading ransomware. Big businesses are getting hit. An entire hospital is shut out of its systems. Suddenly, it’s everywhere: the next big ransomware attack.

Here we go again. And again and again and again and again.

GoldenEye, a new strain of the Petya ransomware, took the world by storm on Tuesday morning after starting from a cyberattack in Kiev, Ukraine. From there, it spread to the country’s electrical grid, airport, and government offices. At the Chernobyl nuclear disaster site, workers had to monitor radiation manually because of the attack. And then it started to go global.

Russia’s largest oil production company, Rosneft, suffered a cyberattack. AP Moller Maersk Group, the largest shipping company in the world, had to shut down several of its systems to prevent the attack from spreading. Merck, based in Kenilworth, New Jersey, and one of the largest pharmaceutical companies in the world, also suffered a massive hack.

The list of affected victims goes on, just like it did for WannaCry when the ransomware hit in May and locked up more than 200,000 computers.

It only took 44 days until GoldenEye reared its head. The bad news: these widespread attacks are just going to keep on coming.

Ransomware has been around for years, but it generally targeted only individual networks, like a single hospital or person. But once the hacker group “Shadow Brokers” leaked the National Security Agency’s exploits, cybercriminals had a much more dangerous weapon.

The NSA’s EternalBlue exploit, which took advantage of a flaw in the way Windows PCs share files across a network, was the ammunition that powered both WannaCry and GoldenEye.

With the exploit, you don’t need to be breached personally to get infected.

Even if you’re a responsible user on an updated computer, somebody else on your network could be tricked into downloading malware through an email or a booby-trapped Word document.

It’s why you’re seeing attacks of this scale, and why the word “unprecedented” keeps getting thrown around with each incident.

Imagine fishing with a single rod and then you’re given a giant net. For hackers, it’s time to head out to sea.

Ransomware 2.0

The mix of the NSA’s hacking tools with ordinary malware has created a dangerous combination, especially since you can essentially go shopping for malware. GoldenEye is a variant of Petya, which has been sold on dark web forums since last April as ransomware-as-a-service: the buyers get 85 percent of the profit, while the malware’s creators keep 15 percent.

“You don’t have to be a cyber wiz to inflict cyber damage,” Michael Daly, the chief technology officer at Raytheon Cybersecurity, said in an email. “Various Do-It-Yourself kits are available as well as ransomware as an outsourced service on the Deep Web forums.”

The malware has gotten smarter, too. WannaCry, despite its widespread fame, was fairly basic. A researcher accidentally discovered its killswitch after experimenting with a registered domain name.

Compared to GoldenEye, WannaCry looked like it was written by amateurs. Built on Petya, the recent ransomware attack encrypted not only crucial files but your entire hard drive, and forced your computer to restart.

It also deletes the computer’s event logs to cover its tracks and hide from analysts, said Mark Mager, a security researcher at Endgame.

“Forensic analysts will be unable to access this data that would be useful to their investigation,” Mager said in a direct message.
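Log deletion leaves a trace of its own: on Windows, clearing the Security log writes event 1102 (“The audit log was cleared”) as the first entry of the fresh log, and clearing the System log writes event 104. A defender who forwards event logs off the host can therefore alert on the clear itself, even though the data that preceded it is gone. The following is an added example (not code from the article or from any vendor quoted in it) that runs such a check over a handful of constructed, simplified log records; the record format is an assumption standing in for whatever a log forwarder emits, while the event IDs 1102, 104 and 1074 (restart initiated) are real Windows values.

```python
from datetime import datetime, timedelta

# Constructed sample records (not real telemetry) in a simplified normalised
# form: host, channel, event ID, UTC timestamp, message. The format is an
# assumption; the channel/event-ID pairs are real Windows values.
SAMPLE_EVENTS = [
    {"host": "ws01", "channel": "Security", "event_id": 4624,
     "ts": "2017-06-27T10:02:11Z", "msg": "An account was successfully logged on"},
    {"host": "ws01", "channel": "Security", "event_id": 1102,
     "ts": "2017-06-27T10:05:40Z", "msg": "The audit log was cleared"},
    {"host": "ws01", "channel": "System", "event_id": 104,
     "ts": "2017-06-27T10:05:41Z", "msg": "The System log file was cleared"},
    {"host": "ws01", "channel": "System", "event_id": 1074,
     "ts": "2017-06-27T10:06:02Z", "msg": "The process has initiated the restart of computer ws01"},
    {"host": "fs02", "channel": "Security", "event_id": 4624,
     "ts": "2017-06-27T10:07:15Z", "msg": "An account was successfully logged on"},
    {"host": "fs02", "channel": "Security", "event_id": 1102,
     "ts": "2017-06-27T11:40:00Z", "msg": "The audit log was cleared"},
]

# (channel, event ID) pairs that mean a log was wiped on the host.
LOG_CLEAR_IDS = {("Security", 1102), ("System", 104)}
# System 1074: a process asked the machine to restart or shut down.
RESTART_ID = ("System", 1074)


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def log_clear_events(events):
    """Return every 'log cleared' record. Each one deserves an alert on its own:
    administrators rarely clear logs, and malware that does so is trying to deny
    forensic analysts exactly the data the article says they will need."""
    return [e for e in events if (e["channel"], e["event_id"]) in LOG_CLEAR_IDS]


def suspicious_hosts(events, window=timedelta(minutes=5)):
    """Map host -> list of reasons. A log clear alone is reported; a log clear
    followed within `window` by a forced restart is also recorded, because that
    sequence matches the wipe-then-reboot behaviour described in the article."""
    by_host = {}
    for e in events:
        by_host.setdefault(e["host"], []).append(e)

    findings = {}
    for host, evs in by_host.items():
        evs.sort(key=lambda e: parse_ts(e["ts"]))
        clears = [e for e in evs if (e["channel"], e["event_id"]) in LOG_CLEAR_IDS]
        if not clears:
            continue
        reasons = [f"log cleared: {e['channel']} {e['event_id']} at {e['ts']}" for e in clears]
        first_clear = parse_ts(clears[0]["ts"])
        for e in evs:
            when = parse_ts(e["ts"])
            if (e["channel"], e["event_id"]) == RESTART_ID and first_clear <= when <= first_clear + window:
                reasons.append(f"restart within {window} of log clear at {e['ts']}")
                break
        findings[host] = reasons
    return findings


def severity(reasons):
    """Escalate when the clear was followed by a restart; otherwise medium."""
    return "high" if any(r.startswith("restart") for r in reasons) else "medium"


if __name__ == "__main__":
    for host, reasons in suspicious_hosts(SAMPLE_EVENTS).items():
        print(f"{host}: {severity(reasons)}")
        for reason in reasons:
            print("   ", reason)
```

The check only works if the records reach a collector before the host is wiped, so it assumes event forwarding is already in place; the 1102 and 104 entries are written after the clear and are forwarded like any other event, which is what makes the clearing itself visible.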

And you can’t just accidentally find the killswitch again. Amit Serper, a Cybereason researcher, found a way to block Petya by creating a file on your hard drive, but it won’t shut down every infection like the WannaCry killswitch.

Marcus Hutchins, better known as Malware Tech and the researcher who found the WannaCry fix, said the fix would not be “doable remotely.”

The fix isn’t in

WannaCry was supposed to be a wake-up call for people to update their computers with the latest software. But it appears people just forgot about the attack and went on with their lives.

Avast, an antivirus company, found that 38 million PCs scanned just last week still have not patched their systems. That’s after Microsoft released special patches so outdated computers running on Windows XP and earlier versions could be protected from the NSA exploits.

Considering that not everybody uses Avast, Jakub Kroustek, Avast’s threat lab lead, inferred that the “actual number of vulnerable PCs is probably much higher.”

Microsoft did not respond to requests for comment on how many people downloaded its patches.

Evidently, WannaCry was not the tipping point for people to actually act, and if the trend continues, GoldenEye won’t be either.

The attacks are getting smarter, making more money, being sold as tools, and people are leaving themselves vulnerable.

I’ll see you in a month for the next massive ransomware attack. 
