How to protect yourself from the current and other ransomware attacks

You may have heard of a new ransomware attack – known as Petya – that has occurred in Europe and the UK, however it is quickly spreading around the globe. 

In fact, a number of Australian businesses have been affected, including the Cadbury chocolate factory in Hobart.

The first attacks occurred in Russia and the Ukraine, before spreading to Romania, the Netherlands, Norway, France, Spain, and Britain. And within only a few hours, it had reached India and the United States.

While experts are still trying to determine the scope and impact of the attacks, it is believed to be a variation of previous viruses derived from code known as Eternal Blue developed by NSA (the US National Security Agency).

It's origin in the Ukraine starteed when it silently infected computers after users downloaded a popular tax accounting package or visited a local news site.

The virus freezes the user's computer until a "ransom" of $US300 (approx AUD$395) is paid in the virtual currency bitcoin.

Over 30 victims have reportedly paid up, but even once paid, it remains virtually untraceable, and there are no guarantees computers will be unlocked.

While experts say it's not as virulent as last month's WannaCry attack, the virus can leap from computer to computer once unleashed within an organisation but — unlike WannaCry — it could not randomly trawl the internet for its next victims.

“It spreads apparently by having a ‘bad’ instruction — like a small piece of computer code — hidden inside a Word or PDF document.”
— Professor Slay, Australian Centre for Cyber Security at UNSW

What should businesses do to protect themselves from this – and other – ransomware attacks?

  • Ensure you have reliable backups with an offsite copy to ensure recoverability after the infection
  • Turn on Microsoft updates, to keep software up to date
  • Do not open emails with PDF or Word attachments (or the attachments themselves) if you aren't expecting them, or don't know the sender
  • If you are running an in-house mail server, we suggest blocking .zip file attachments (we can assist with this)
  • Educate your team to not open suspicious email attachments or web pages
  • Avoid executing unknown non doc files, such as .js .exe

What does a "suspicious looking email" look like?

  • Unknown contact sending you a resume or invoice (.zip file or Word doc)
  • Speeding fines (reminder these come in the mail not email) 
  • Banking updates
  • Electricity or telephone bills
  • iTunes updates
  • PayPal updates
  • Australia Post updates

For banking, electricity bills, iTunes, PayPal etc you can generally tell by the email address itself and/or the way the email is set out.

If you are unsure of an email, it's also worth googling the company name + "scam" or looking at their websites or official Facebook Pages, as many companies quickly become aware of these scams, and share them to help protect others. 

Advance manages corporate networks and provides protection against these types of cyber attacks.

If you have any concerns, would like to better protect yourself, or are victim of an attack, be sure to contact us immediately. 

You can also help others by sharing these tips with your colleagues, family and friends.