The cyberattack that swamped much of Europe and infiltrated American computer systems yesterday exploited the same vulnerabilities as the WannaCry attack in May.
The new breach – which is being called Petya – crippled areas of Eastern Europe and hit several multinational corporations in Western Europe and the United States, including port operators in New York and Rotterdam.
Ukraine was struck particularly hard, it has been reported. More than 80 companies in Russia and Ukraine – the Chernobyl nuclear plant included – were affected by the virus. Similar to WannaCry, the Petya malware that disabled computers Tuesday demanded affected users pay $300 in Bitcoin to unlock them.
According to Symantec, the Petya virus is using the same system vulnerability exploited in May. The vulnerability, called EternalBlue, works on Microsoft’s Windows operating system. And while that vulnerability was subsequently “patched” – an additional, specific security add-on was offered – to halt such malware attacks, many organizations around the world may have failed to properly install the patch.
Arthur J. Gallagher managing director of US cyber liability practice Adam Cottini said the most alarming takeaway from the attack reports was that the affected companies may not have sufficiently heeded the warnings of the WannaCry blitz.
“In the aftermath of WannaCry, a tremendous amount of known vulnerabilities existed and unfortunately those vulnerabilities were not patched,” he said. “Therefore, unfortunately it’s poor patch-management procedures that are impacting a lot of these organizations that are experiencing this ransomware.”
Cottini said it wasn’t necessarily laziness or complacency that had major organizations failing to update their security systems, but organizations needed to be better structured to quickly and appropriately ensure their computers and businesses were safe.
“There are some pretty big companies involved in this right now. It might be a matter of [poor] messaging downwards, and who needs to be responsible at different levels of an organization. It could be just as easy as ‘sleeping at the wheel’, folks prioritizing different matters, or not knowing that they had these particular vulnerabilities in their system for some reason.”
Whatever the reason for the security lapses, though, there are – again – cyber lessons to be learned here, he said.
“The thought process is that you’re going to have to harden your system,” he said. “The way to deal with cyber ransoms is you have to deal with proper data backups. And secondly, it becomes a training issue – the employee component of this is pretty big because you might actually have unleashed this virus through clicking on a link or opening an attachment in an email that you should have known potentially was a bad email.
“So the summary items are these: back up your stuff; let’s have employee awareness training to try to prevent these issues and … if you have a known vulnerability, you ought to prioritize that and address it so it doesn’t loom out there.”