Ransomware has been wreaking havoc for years, locking up data and decrypting and releasing it only when money is paid, usually through Bitcoin.
Like any successful malware, new variants are based on the old ones, making it a snap for even amateur-hour hackers to tweak an old exploit and unleash it as new.
So now we have Petya, whose victims already include banks, airports, the metro in Kiev, and even Chernobyl radiation detectors. And this is only the beginning, as the malware is still very much in the wild.
The sad part is this exploit should have been prevented. Petya is based on the WannaCry ransomware attack, which goes after a hole in older versions of Windows. The U.S. National Security Agency (NSA) used this vulnerability for its own cyber-efforts — which a WikiLeaks data dump disclosed, offering hackers an easy-to-follow blueprint.
Smart end users and IT shops patch their systems, and in fact, Microsoft has a patch that plugs this hole. Unfortunately, all too many organizations fail to patch regularly and completely.
The reality is that most successful exploits are against unpatched systems. Hackers love to take shortcuts, and the patching process offers a perfect opportunity, just as the NSA leak offered an architectural blueprint for how to exploit the Windows hole that Petya jumps through.
Here is what the Petya warning screen looks like.
Petya Will Really Make You WannaCry
Petya adds some sinister elements to what WannaCry offered. For one, Petya knows how to mine endpoints for passwords and uses these credentials to spread to other devices.
Petya can also be spread by taking advantage of machines with admin rights, similar to an elevation-of-privilege attack.
Three Ways to Avoid the Pain
Ransomware is serious stuff, but only if you haven’t taken these steps to protect your operation.
- Patch your computers. Patching is 100 percent essential, but it is not easy for organizations that rely on end-user vigilance or manual IT means. You need an automated patching solution so patches are installed when they become available – on all endpoints and servers.
- Maintain an antivirus and anti-malware solution. With proper security protection across all your systems, incursions such as WannaCry will be spotted, blocked, and purged. Like patching, an automated solution that installs and updates security across all of your systems is essential.
- Be smart about backup. Ransomware works by holding your data hostage. For those with no backup, an encrypted and locked hard drive is a disaster. If you have a current backup, it is only a nuisance. The best solution is an automated tool that backs up all of your systems to the cloud, where it remains safe until you need that data back.
With Kaseya VSA, all endpoints can be patched automatically and completely.
Cloud Backup to the Rescue
Cloud backup can automatically and regularly copy your files. And restoration is a snap, as this data is resting comfortably in the cloud just waiting for you to access it.
Kaseya has a cloud backup solution that is ideal for SMBs and managed service providers alike. Recently, Kaseya introduced Kaseya Cloud Backup, powered by Acronis. With Kaseya Cloud Backup, you can back up and recover every machine you manage on-premises or in the cloud – all from one place.
By leveraging the power of Kaseya VSA (which includes patch management and antivirus/anti-malware) with Kaseya Cloud Backup, you can quickly define backup policies by organization, machine group, or device type. Create as many policies as you need to simplify managing the backup requirements of the entire set of infrastructures under your control, and ensure you are meeting all compliance procedures. Changes in standard policy procedures can be applied to multiple machines and environments with a few simple clicks. In addition, you can create policies in VSA to restart failed backups automatically, shut down machines prior to backing up, and resolve many other problems that commonly occur during routine backup processes.