A recent outbreak of ransomware attacks on what amounted to a global scale struck recently as computers throughout large portions of Europe and Asia were slammed by programs that locked computers and demanded payment to open them back up. While much of the wave seems to be contained—at least for now—it has the subject of cybersecurity back on everybody's lips.
Ukraine seemed to be the biggest target in all this, as its transportation industry, its power companies, and both its government and its National Bank were all on ground zero. That didn't make Ukraine the only target by any stretch, as reports emerged of providers hit worldwide and striking at major infrastructure operations.
Many cited WannaCry as the likely culprit, though some security experts believed the Petya breed was involved instead. More specifically, it's a new offshoot called “NotPetya.” NotPetya is said to be similar to Petya, but with sufficient differences to make it its own breed of ransomware. NotPetya's origins can be traced back to the National Security Administration (NSA) and its EternalBlue hack, which is actually at last report where WannaCry came from. NotPetya, meanwhile, only scans computers on a local network rather than the entire Internet.
While recent reports suggest that the ransomware outbreak is under control in Ukraine, and the attacks taking on worldwide operations—from Danish shipping firm Maersk to United States pharmaceutical firm Merck—are trailing off, the latest outbreak may be nearly done. That isn't to say it's stopped, or will stop for long, but it's clear that ransomware will continue to be a problem.
Why? Simple: it works. And works well, too, by some reports; not only are these attacks able to make headway because many firms are still using outdated technology, but said firms also aren't engaging in proper patch discipline and installing necessary patches that would have protected against such issues in the first place. With an increasingly interconnected world, we must have the tools to protect ourselves against malware like this, and many simply aren't using them. Throw in the comparatively low costs demanded by ransomware practitioners—some reports suggested $300 in bitcoin was enough to unlock a system from this latest attack—and the costs of paying up actually seem less than paying for new systems or for IT to run patches.
As long as ransomware remains a comparative bargain and companies continue to operate with old, unpatched hardware, we'll likely continue to see such attacks take place. That's not good news for those of us who depend on power, fuel, and other such matters.