Many organizations in Europe and the US have been crippled by a ransomware attack known as “Petya”. According to The Guardian, the malicious software has spread through large firms including the advertiser WPP, food company Mondelez, legal firm DLA Piper and Danish shipping and transport firm Maersk, leading to PCs and data being locked up and held for ransom.
It’s the second major global ransomware attack in the last two months. In early May, Britain’s National Health Service (NHS) was among the organizations infected by WannaCry, which used a vulnerability first revealed to the public as part of a leaked stash of NSA-related documents released online in April by a hacker group calling itself the Shadow Brokers. The WannaCry or WannaCrypt ransomware attack affected more than 230,000 computers in over 150 countries, with the NHS, Spanish phone company Telefónica and German state railways among those hardest hit. Like WannaCry, “Petya” spreads rapidly through networks that use Microsoft Windows, but what is it, why is it happening and how can it be stopped?
What is ransomware?
Ransomware is a type of malware that blocks access to a computer or its data and demands money to release it.
How does it work?
When a computer is infected, the ransomware encrypts important documents and files and then demands a ransom, typically in Bitcoin, for a digital key needed to unlock the files. If victims don’t have a recent back-up of the files they must either pay the ransom or face losing all of their files.
How to protect yourself?
Additionally, keeping Windows up to date – at the very least through installing March’s critical patch defending against the EternalBlue vulnerability – stops one major avenue of infection, and will also protect against future attacks with different payloads. It is also hard to control every computer at your company, so you should use a SIEM (security information and event management) system.
SearchInform SIEM
- Network attacks from inside and outside
- Virus epidemics and separate infections
- Attempts to gain unauthorized access to sensitive information
- Fraud and targeted attacks
- Errors and failures in information systems
- Configuration errors in info-security and information systems
SearchInform Event Manager is a SIEM system that solves real-life business challenges. With it, you will be able to find problems in your network and solve them, and you will be secure from these kinds of attacks.