Two months after one of the worst ransomware attacks in history was conducted via WannaCry, a newer, more dangerous version is out in the wild. Security researchers have called it Petya, and it’s even more devastating than WannaCry. Petya has some of the same characteristics of WannaCry, including using the notorious EternalBlue exploit for Windows. The only difference with Petya is that, according to one well-known security researcher, it is currently spreading over local networks. This threat of a more advanced WannaCry that could be spread through phishing and spammy emails and links should be enough to seriously alarm IT, managers.
One of the main reasons as to why WannaCry and now Petya are so successful in their infection is because of unpatched systems. According to KrebsonSecurity, Microsoft did release a patch for an EternalBlue exploit in March 2017, but only a few companies took the time to install the patch and update their systems. The many that didn’t be the victims of WannaCry, and now Petya.
Managed FZ-LLC is responsible for making sure that companies large and small in the UAE are not exploited by this new ransomware threat. Managed has been busy helping large customers assess the overall security of their IT infrastructure with theRADIUS VA/PT service, as well as perform packet analysis to see what exactly is going through their networks – in order to ensure a secure IT environment. In addition, Managed sent an alert to its customers via its proprietary Managed Security Threat Advisory service – in advance of mainstream media, so that they can be forewarned and prepared.
The two key ways to ensure that an organisation survives these attacks, which are getting worse as time goes by, is to ensure that first, all systems, including servers, client machines, and networking gear have up-to-date patches and second, data backups are made regularly, and data restoration is tested. Companies should also regularly conduct Vulnerability Assessments and Penetration Tests, to ensure that rogue malware and traffic can’t get into the infrastructure and that no malicious data can leave unchecked. This should be coupled with frequent user security awareness training exercises.
To learn more about how your business can be protected and prepared for these cybersecurity crises, contact Managed Services now.