03 July 2017

Impact of WannaCry and Petya ransomware attack

Written by Seqrite

What’s the latest threat that keeps security administrators awake at night these days? Chances are that the answer would be either “WannaCry” or “Petya”, or both.

But why are these two breeds of malware so fearsome? What’s different and so dangerous about them that CISOs of large, medium and small organizations alike find them challenging? Let’s have a look.

Understanding Petya and WannaCry

Petya and WannaCry are malware that caused significant havoc across the world in 2017. What makes them particularly insidious is that they are ransomware. True to the name, ransomware works by encrypting, and thus locking up, the files on a victim’s computer and then demanding a ransom for their release through a decryption key.

Ransomware works through asymmetric key cryptography, a technology that is impossible to crack. Without knowledge of the decryption key, the victim cannot recover their files.

The WannaCry ransomware attack began on 12th May 2017 (Fri), and within a day it managed to infect over 200,000 computers in 150 countries, making it the biggest ransomware attack in history. The U.S. National Security Agency (NSA) reportedly discovered an underlying vulnerability (MS17-010) in Microsoft’s Server Message Block (SMB) protocol (“used by Windows machines to communicate with file systems over a network.”). The NSA chose not to inform Microsoft about this vulnerability and instead built an exploit called EternalBlue, which could be used for intelligence-gathering purposes. A hacking group called Shadow Brokers stole the details of this exploit and leaked them publicly, which ultimately went on to trigger the WannaCry outbreak worldwide. Microsoft had already released a security update to patch this vulnerability in March 2017, but many users and organizations failed to apply this update, exposing their systems to the attack.

Petya began its infamous journey just about six weeks after WannaCry, sometime in late June 2017. It is suspected to have originated in Ukraine. The attack appears to have been seeded through a software update mechanism built into an accounting program used by companies working with the Ukrainian government. To spread, it used the same vulnerability that the WannaCry ransomware had exploited.

The impact of WannaCry and Petya on organizations across the globe

The impact of losing access to critical files, ranging from photographs to emails to databases, can be devastating to the business operations of any enterprise, large or small. Typically, recovering from a ransomware attack can be a nightmare that extends from days to weeks, with considerable impact on the company’s revenues and reputation.

WannaCry started spreading like wildfire around 12th May 2017, infecting large and small companies across the globe, with prominent organizations such as the UK’s National Health Service (NHS) and FedEx in the US among those impacted. Overall, more than 300,000 computers were affected globally. WannaCry locked the computers’ files, and a ransom demand appeared on their locked screens with a countdown timer indicating that time was running out and that, if the ransom wasn’t paid, the key would be destroyed permanently.

Petya similarly demanded a ransom of $300 in Bitcoin and locked the computer down, with only the ransom demand screen showing. The shipping giant Maersk, the advertising company WPP, law firm DLA Piper, energy company Rosneft, and food giant Mondelez were among the prominent organizations that admitted their systems had been compromised by Petya. However, many others suffered.

How to avoid or minimize the impact of WannaCry and Petya?

Ransomware has been around for a long time, but it has gained more teeth now with the availability of Bitcoin-based payment, which makes it ‘safe’ for the attackers to collect the ransom without being traced. Another reason for its resurgence is the availability of the ‘malware as a service’ business model, where those without much technical knowledge can work as distributors of the malware under a ‘revenue share’ arrangement.

As always, prevention is better than cure. With proper security practices, including applying all security patches in a timely manner and installing appropriate security mechanisms, companies can reduce the cyber threat to their systems. Using multi-layered security tools like Seqrite’s comprehensive portfolio of firewall, network and endpoint security tools, the malware can be prevented from infecting the enterprise’s systems in the first place. In the unfortunate event of being infected, there are secure recovery mechanisms using the backup and data restore feature.

Conclusion

WannaCry and Petya are more insidious and damaging than all the malware attacks that have happened so far, but they are not difficult to prevent. Proper security mechanisms and tools can be applied judiciously to prevent their entry, control their spread, and minimize their impact.

Seqrite helps businesses simplify IT security and maximize business performance. To know more about our products and services visit our website or 


1 Comment

  1. Yacon Root
    October 21, 2017 at 9:12 PM

    I love this site. It’s a great read.
