Ransomware attacks ‘spreading rapidly’
A cybersecurity advisory was issued this afternoon by the Bermuda Government over a surge in online attacks around the world.
A statement follows:
The Ministry of National Security is advising that a new variant of Petya ransomware, also known as Petwrap, is spreading rapidly due to the same Windows SMBv1 vulnerability that the WannaCry ransomware abused.
The Bermuda Government’s Cybersecurity Working Group has been monitoring the concerns, and has been made aware of large scale system affections in the US and Europe. Reports of systems affected include: harbour terminals, airports, electricity grids, banks, factories, offices, insurance, and military.
The public is advised that Petya works very differently from other ransomware malware. For example, Petya does not encrypt files on a targeted system one by one.
Instead, it reboots victims computers and encrypts the hard drive’s master file table (MFT) and renders the master boot record (MBR) inoperable.
This restricts access to the full system by seizing information about file names, sizes, and location on the physical disk.
Petya replaces the computer’s MBR with its own malicious code that displays the ransom note and leaves computers unable to boot.
Cybersecurity experts note that Petya uses the Eternalblue NSA exploit, SMB share and lateral movement using WMIC similar to Wannacry but also spreading with a client-side attack using CVE-2017-0199.
Unlike the 2015/2016 Petya ransomware decryption keys are unavailable.
The Bermuda Government’s Cybersecurity Working Group urging the following precautions be taken:
• Patch your systems for MS17-010, block SMB sharing at the firewall and disable WMIC if possible and have offline back-ups. If possible, block RTF (rich text) files at your e-mail gateway.
?• To safeguard against any ransomware infection, you should always be suspicious of unwanted files and documents sent over an e-mail and should never click on links inside them unless you have verified the source.
• Keep a good back-up routine in place that makes their copies to an external storage device that isn’t always connected to your PC. Small businesses and home users should consider using cloud services to back up their important files. Many service providers (for example, e-mail providers) offer a small amount of cloud storage space for free.
•Run an antivirus security suite on your system regularly, and keep it up-to-date. Home users should turn on Windows Updates and run it.
• Always browse the internet safely.
The public will recall that last month (May), the Ministry of National Security encouraged public vigilance following a large scale cyberattack which infecting more than 230,000 computers in 150 countries.