Ransomware events a reminder to get serious about security

In recent months, two headline-grabbing cyber attacks targeting enterprise and corporate networks radiated quickly across the globe. NZITF wants to take this opportunity to remind New Zealand businesses to practice good cyber security to reduce the risk of being compromised.

In May, a large coordinated attack called WannaCry spread to over 150 countries. Over 300,000 computers were infected. In late-June, an attack known as Petya (a.k.a. NotPetya or GoldenEye) was unleashed with similar global ripple effects.

WannaCry and Petya / NotPetya expose vulnerabilities in Windows-based computer systems in what is known as a ransomware attack. Ransomware is a form of malicious software that infects a computer, encrypts the data that the computer has access to and restricts access to it until a ransom is paid to unlock it.

WannaCry affected many organisations including UK’s National Health Service, Spain’s Telefonia, FedEx and Deutsche Bahn, alongside countless smaller organisations in many other countries. New Zealand was comparatively unaffected, with only a small number of WannaCry infections reported.

Petya / NotPetya also largely missed New Zealand. However, several organisations with international links or the local arms of such companies did take precautions. These included Maersk shipping in New Zealand and Ports of Auckland.

While theories swirl regarding the motivation and attribution for WannaCry and Petya / NotPetya, it illustrated a potential lack of preparation on the part of several large corporates.

Ransomware is nothing new, but in the last three years ransomware attacks have grown in number and sophistication. As part of the global internet community New Zealand companies and internet users have not been immune.

While there is more yet to learn about the architecture and mechanics of WannaCry and Petya / NotPetya, there are some simple practical actions you should take to lessen your chances of being affected.

Take care with your email

Ransomware Infections often spread through email so the most important thing you can do is take care with your email. Don’t open unexpected attachments or click on links in suspicious emails.

Install the latest patches & security updates

Unpatched computers are more likely to be infected, so you should install all patches and updates Microsoft has released to block WannaCry and Petya / NotPetya ransomware. If you’re running the latest version of Windows, this will happen automatically – provided you have automatic updates turned on.

Backup your data regularly

You should regularly backup your data and make sure you have offline backups. That way, if you are infected with ransomware, it can’t encrypt your backups.

What do you do if you get infected?

If you are infected you should resist the temptation to pay the ransom. People undertaking ransomware attacks are invariably linked to criminal networks. By paying you are funding organised crime and encourage further ransomware attacks. Instead, you should seek help from CERT NZ and/or a reputable cybersecurity firm.

Finally, it’s important to know that ransomware is just one part of the cyber attack threat environment. Cyber attack takes many forms – from viruses and worms, to denial-of-service and phishing; from social engineering to invoice fraud.

The message from WannaCry and Petya / NotPetya is clear. All organisations are in the firing line and New Zealand must remain vigilant. Safe and hygienic cybersecurity is more important than ever – it can make all the difference.