Petya ransomware attack: Industry responds
Written by Deborah Ritchie
Companies across the world are reporting another wave of ransomware attacks, thought to be caused by an updated version of the WannaCry virus of last month.
Kaspersky Lab’s telemetry data indicates around 2,000 attacked users so far, with organisations in Russia the most affected. The company has also registered hits in Poland, Italy, Germany and several other countries. The attack vector is not yet known. Kaspersky Lab says it aims to release new signatures, including for the System Watcher component, as soon as possible and to determine whether it is possible to decrypt data locked in the attack, with the intention of developing a decryption tool. Meanwhile, it advises that companies update their Windows software, check their security solution and ensure they have backup and ransomware detection in place.
Whatever the source, the attack looks like it could be more serious than WannaCry, according to some industry experts. “We had an early warning shot last month as WannaCry spread like wildfire globally,” says Graeme Newman at CFC Underwriting. “However, in actual terms, it inflicted relatively little damage. Petya, however, seems to be different. This new breed of ransomware looks much more dangerous, already causing chaos for businesses around the world and early indications suggest that this could cost organisations ten times more than WannaCry. In terms of its global impact, we’re already seeing claims coming in from the US and are bracing ourselves for claims from other countries in the next few hours.”
“This is the tactic of choice for cyber criminals at the moment – in Q1 of 2016, ransomware accounted for 12.9% of our cyber insurance claims, but jumped massively to 20.5% of claims in Q1 of 2017. Fighting ransomware, however, becomes a much more complex battle to face considering that the cost of the ransom can actually be minimal compared to the cost of the ‘clean up’ operation. Claims for this type of attack can quickly spiral out of control when the costs of system damage and business interruption are tallied. It’s easy to see how this new wave of attacks could end up costing businesses millions,” Newman explains.
Ongoing cyber attacks continue to underline the need for companies to fully understand exposures and responsibilities when it comes to the security of data. “These latest attacks vividly demonstrate that any business with a computer connected to the internet needs to ensure they have sufficient protection in place to help to reduce the risk of a hack,” says partner at law firm Clyde & Co, Michelle Crorie. “We work with cyber extortion insurers who have policies designed to assist businesses with the challenges such an attack presents, such as a multi-disciplinary team of IT experts, external legal and crisis risk management professionals, who can together mitigate the impact of an event and assist in increasing security for the future.”
“With new European-wide General Data Protection Regulations (GDPR) due to become law next May 2018, businesses face punitive fines of €20m or up to 4% of global turnover, if they do not take adequate steps to protect sensitive customer data,” Crorie warns. “This change in the law, combined with such high-profile and wide-ranging cyber attacks, is driving cyber risk onto the board agenda and leading the board to consider carefully their D&O exposure. Businesses need to understand how to mitigate and limit the risk, and also have a good understanding of the legal consequences of the risk mitigation options available.”
Several insurers have been paying ransoms when insureds are hit by ransomware as a quick way of resolving the issue, according to Dr Mark Hawksworth at Cunningham Lindsey. “This only funds the cyber criminals and the short-term gain can quickly turn painful if a firm is added to a ‘sucker-list’ by cyber criminals, indicating that you are susceptible to ransom,” he comments.
“Computers affected by Petya now have the added headache that the author’s email account has now been frozen, meaning that paying a ransom is no longer an option as they can’t provide decryption keys.
“We expected another wide-scale virus attack shortly after WannaCry, as cyber criminals copied and improved on a WannaCry-styled virus. If you have any computers that are infected with Petya and your machine has crashed / powered off, do not power up. Use a LiveCD or external machine to recover files. Our cyber team has been able to ascertain that as long as you do not go past the CHKDSK message, your files are safe and you can recover them.”