Latest Cyber Attack Underlines The Need For Better Protection

It hasn’t even been seven weeks since WannaCry, “the biggest ransomware attack of its kind,” and here we are again. On Tuesday a new ransomware attack began and was quickly, and perhaps pre-emptively, dubbed ‘Petya’. It is now spreading rapidly across the world, crippling computer systems and demanding that victims pay up to regain access to their files.

Yesterday morning, sources revealed that the software used is not a form of Petya, as was being widely reported, but a new form of ransomware. “Our preliminary findings suggest that it is not a variant of Petya ransomware, as has been publicly reported, but a new ransomware that has not been seen before. While it has several strings similar to Petya, it possesses entirely different functionality. We have named it ExPetr,” Kaspersky’s Principal Security Researcher, David Emm, told Memoori.

Early signs suggest that ExPetr has been seeded through a software update mechanism built into an accounting program required by companies working with the Ukrainian government, according to the Ukrainian Cyber Police.

Numerous organizations in Ukraine were among the first hit on Tuesday, including the radiation monitoring system for the exclusion zone at the former nuclear plant in Chernobyl, which was taken offline, forcing workers to use hand-held counters for the vital measurements.

Ukraine has been the target of other cyber attacks in recent years, including assaults on its power grid at the end of 2015 and 2016, when it pointed the finger of blame at Russia amid the tension from rebel fighting in eastern Ukraine. Similar to last month’s WannaCry attack, this latest ransomware is spreading quickly and internationally.

ExPetr has already brought down systems at large firms in Europe and the US, including the British advertising company WPP, Danish shipping and transport giant AP Moller-Maersk, French construction materials firm Saint-Gobain, food company Mondelez, legal organization DLA Piper and Heritage Valley Health System, which runs hospitals and care facilities in Pittsburgh. Interestingly, considering suspicions of Russian involvement, the new ransomware attack also hit Russian steel and oil firms Evraz and Rosneft.

In fact, Ryan Kalember, from cyber security company Proofpoint, suggests ExPetr “has a better mechanism for spreading itself than WannaCry” - and WannaCry managed to infect 230,000 computers in over 150 countries, disabling the UK’s national health service, Spanish communications giant Telefónica and the German state railway.

Like WannaCry, the ExPetr ransomware exploits the EternalBlue and EternalRomance vulnerabilities in Microsoft Windows in order to propagate throughout a corporate network. Microsoft released a patch for it shortly after the WannaCry attack, but it is likely that many are yet to install it. However, there is a key difference from WannaCry that could mean victims may not be able to recover their files even if they pay.

“One of the key differences from WannaCry is that there doesn’t appear to be a kill-switch, i.e. a mechanism that will stop it from infecting. This is why it’s essential to ensure that systems are fully updated and to ensure that data is backed up regularly,” David Emm told us yesterday.

Whereas WannaCry created a custom address for every victim, ExPetr uses the same address each time. It also provides a single email address for victims to communicate with the attackers, which was quickly suspended by the email provider, leading some to suggest that the cyber criminals were amateurs and others to suggest that money was not the primary objective of the attack.

Whatever the reasons behind this latest incident, it underlines the need for better protection in what seems to be just the beginning of a new era of frequent cyber threats, be they ransomware, DDoS or other forms. However, with so many styles and points of attack, true protection becomes a tricky business. Kaspersky’s Emm believes we are best protected by developing a culture of security, as he discussed in depth in an interview with Memoori last week.

“ExPetr uses modified EternalBlue and EternalRomance exploits for propagation within a corporate network. So ensuring that systems are robust by applying security updates is a key element in blocking this attack, as well as preventing execution of specific files used by the malware,” Emm added yesterday, after the ExPetr attack.

“That said, it remains vital for businesses to develop a security culture to reduce the risk of staff clicking on dangerous links and attachments and so spreading malware. This takes time and needs continual reinforcement – it’s a cultural shift that’s required, rather than training staff to do specific things.”
