Coming of the heels of the ”WannaCry” ransom-ware attack just last month, we saw yet another example of how a simple virus can disrupt business and wreak havoc world-wide:
A computer virus wreaked havoc on firms around the globe on Wednesday as it spread to more than 60 countries, disrupting ports from Mumbai to Los Angeles and halting work at a chocolate factory in Australia.
Risk-modeling firm Cyence said economic losses from this week’s attack and one last month from a virus dubbed WannaCry would likely total $8 billion. That estimate highlights the steep tolls businesses around the globe face from growth in cyber attacks that knock critical computer networks offline.
Source: https://www.reuters.com/article/us-cyber-attack-idUSKBN19I1TD
Although the attack vector of ‘Petya’ presented itself mostly through compromised financial software updates, it could just as easily been delivered through an email containing a virus attachment, or a link to the same.
The virus encrypted data on infected workstations and servers, demanding a ransom in return for the data. However, apparently the end goal was acutally to disrupt systems and destroy data, and not collect ransom payments. The attack started in Ukraine, which appears to be the main target, but quickly spread to locations around the world.
This attack demonstrates how important it is for your organization to maintain proper security practices across all fronts. You can protect yourself from the affects of such attacks by following a few simple guidelines:
- Perform regular, non-local backups of critical data. Even if one or more systems are compromised, you can restore business without contemplating a ransom payment
- Ensure your workstations and servers have the latest security patches and updates installed. Most viruses and ransomware attacks hinge upon known software vulnerabilities which have already been addressed by the software vendor in their latest updates.
- Protect your network at the most common attack point for virus and ransomware: emails. Stop these attacks by using a trusted, gateway-level Anti-Virus solution.
- Train your staff. They are the last line of defense against these attacks, and can recognize a suspicious email or URL and stop a potential infection.
