What you need to know about the Petya and WannaCry cyber attacks

Financial losses, data breaches and reputational damage are just some of the ways a cyber-attack can hit an organisation hard.

The Petya and WannaCry cyber-attacks in May and June are two of the biggest in history and impacted the finances of companies throughout the globe. A recent report by the insurers Lloyd’s of London said a major cyber-attack has the potential to cost as much as a natural disaster. 

WannaCry, which affected numerous organisations, including the NHS, spread to 150 countries and is estimated to have cost the global economy £6bn. 

Petya caused problems with shipping and invoicing for Nurofen manufacturer Reckitt Benckiser, which is expecting to make losses of about £100m as a result of the attack. Some of the world’s largest organisations, including Cadburys and Oreo cookies manufacturer Mondelez, were also affected by Petya.

A cyber-attack can also lead to a fine for a data breach - a prospect that will become even more real when the new General Data Protection Regulation is introduced in May 2018. 

How WannaCry and Petya worked

To begin with, both attacks were referred to as ransomware attacks because they locked people out of their computers and demanded payment to let them back in. 

Some cybersecurity experts now believe Petya was not a ransomware attack because it was incredibly difficult to pay the hackers. Ransomware attacks usually make it very easy to make payment. They sometimes even offer step-by-step guidance and a help centre.

Instead, they believe the malware, which they are now calling NotPetya, was designed to spread damage rather than collect money. They have suggested the attack may have been disguised as ransomware to make it appear to be criminal-led when it may have been state-sponsored.

The malware initially spread through an accounting program used by organisations working with the Ukrainian government. It affected several parts of the country’s infrastructure including banks, airports and railways. It then spread globally through phishing emails, which are disguised as legitimate communications but ask for sensitive information like passwords.

WannaCry and Petya both exploited the same vulnerability in the legacy Microsoft operating systems Windows XP and Windows Server 2003. Legacy systems rarely have the necessary security updates, issued in the form of patches, to protect them from the latest threats. Attackers tend to exploit these shortcomings.

Due to the extent of the WannaCry attack, Microsoft did issue a patch for both platforms, but some organisations delayed implementing it before Petya. In addition, up-to-date systems which hadn’t implemented a patch from March 2017 were also vulnerable to the attacks.

How to protect yourself

Petya and WannaCry reinforced the need to take two crucial protective measures - updating legacy systems and using patches to protect against new threats.

The importance of doing more to educate users on how to prevent malware spreading was also evident. All employees should be taught how to recognise suspicious emails. Ransomware usually needs users to carry out actions like clicking on a link, or downloading an infected attachment.

It is also impossible to overstate the importance of backing up data in case you are hit. You can’t be held ransom for data you can access elsewhere.

To protect yourself effectively, or at least lessen the impact if you are hit, you need a layer of cyber security measures. The most fundamental ones are:

● Anti-virus software, which needs to be kept up to date. Cloud-based software is a good option because it’s always current.
● Anti-spam software to filter or block junk email, which is often used to instigate computer infections.
● Firewalls to prevent unauthorised access to your networks.
● Up-to-date systems which are kept protected using patches.
● An additional DNS layer to protect all devices, including phones and tablets, from malicious activities.
● Unified Threat Management, which combines a range of applications to carry out several security functions from one system.

Best practice around using passwords should also be followed. This includes changing entire passwords regularly - not just one or two characters. Bots can try millions of combinations per minute to crack passwords. Don’t reuse the same password either, because if it’s leaked, hackers can use it to get access to your other accounts too.

Simple housekeeping measures like deleting old user accounts will also help you keep on top of your cyber security. Users should be restricted from having access to areas of your network which they don’t need. This will help prevent infections from spreading.

The best time to protect yourself is now

This means you need to take every step you can to protect yourself and you need to do it today. No one can predict when they might be attacked, so being prepared at all times is the best approach.

WannaCry and Petya may have mainly affected large organisations but businesses of all sizes should protect themselves.

A study by the Federation of Small Businesses reported that small businesses are bearing the brunt of cyber crime. They found that 19,000 cyber crimes are committed against small businesses in the UK every day. Although many small businesses are taking steps to protect themselves, security standards vary and more can be done.

Cyber criminals are getting increasingly sophisticated and attacks are generally automated now. Bots can be used to scan operating systems for vulnerabilities so a mass attack that catches as many people as possible can be deployed.

Sam Reed, Chief Technology Officer at Air IT