Whether you read about it on our blog or somewhere else, you have likely heard about the massive WannaCry ransomware attack that spread across the globe last month. This was one of the largest cyber attacks that we have ever seen in our technological world, and it left organizations on every continent scrambling. While it does not yet appear to be on the scale of last month’s incident, another massive cyber attack is now making the rounds across Europe.
The Spread of the Infection
The attack began on Tuesday and spread into many different organizations, including banks and other major companies. Reports have said that the attack has spread mainly within Ukraine and Russia, but it also affected organizations within Britain and several other countries. There were even US-based organizations affected as part of the attack, including Merck & Co. and Mondelēz. The attack is believed to have involved a strain of ransomware called Petya, which had been posted for sale on Russian criminal forums according to Flashpoint. Kaspersky Lab, however, has said that they believe it to be a new strain of ransomware and that it has affected around 2,000 systems. The method of initial infection is unknown, but it has spread similarly to WannaCry. Organizations affected in Europe included Britain’s WPP, Deutsche Post, Copenhagen’s A.P. Moller-Maersk, and a multitude of others.
Europol has said that they are aware of the attack, and have been working with cyber units to determine the nature of the attack. The effects of the attack have been showing up all over, including a Ukrainian bank ATM displaying a ransomware message demanding $300 in Bitcoin.
As ransomware continues to be one of the most prominent forms of cyber attack, organizations will have to ensure that they have much better protection in place. WannaCry only affected those with an outdated Windows OS, meaning it could have been prevented if organizations had upgraded to modern supported systems. It is uncertain how this new attack occurred, but it is likely that a certain vulnerability was shared among those affected. Updating systems, security software, and other cyber components is one of the easiest ways for an organization to continue to protect itself. There is also the factor of comprehensive off-site backups, which can allow an organization to immediately restore data affected by ransomware, rather than paying for its return.
Mitigating an Attack with Cyber Investigative Services
When an organization is subject to a cyber attack, an investigation should begin immediately. There are many factors that need to be explored in regard to a cyber attack, including the extent, affected systems, and source. Oftentimes, an organization does not have the necessary tools and manpower to perform a full investigation, which is where cyber investigation services are vital. A poorly done investigation can result in much less mitigation of an attack. For instance, cyber investigation services could help an organization to trace the source of an attack, which would allow them to pursue further action against the perpetrator, including legal measures. In addition, an organization would be able to discover the full extent of the attack, and so be able to remediate the various affected systems and vectors. A poor investigation could miss some of the affected areas, or potentially even leave part of the infection within systems. Massive Alliance offers comprehensive cyber investigation services that can allow an organization to understand the full extent of an attack and begin reparative actions.