The Petya ransomware did not spare Poland

June 28, 2017

The case of the Petya ransomware is yet more proof of how big a threat a hacker attack can be. The risk is not only the loss of information encrypted by malware or the leakage of passwords – the Ukrainian scenario showed the negative consequences of an effective cyberattack for a nation and its entire business community. Unfortunately, Polish organizations, though to a much smaller extent, also found their place on the list of the hacker’s victims.

This is another attack in recent weeks that has been spreading incredibly fast. Once again, the virus relies on exploits, that is, code that takes advantage of software vulnerabilities, developed by the NSA. To be precise, it uses the EternalBlue exploit. The same was true last time, during the WannaCry attack, where the virus exploited SMB protocol vulnerabilities. This attack bears a clear resemblance to WannaCry. Yesterday, specialists still expected it to be Petya. Today, however, we know that this is a completely different type of ransomware (data-encrypting malware). What is more – according to our analysts from the SOC (Security Operations Center) – passwords are also stolen during the attack.

The infection itself begins with a malicious attachment. Once it is opened, not only is the recipient’s workstation encrypted, but the virus also attempts to find all other computers on the internal network and then spreads on its own. As a result, a single e-mail can lead to an entire organization being infected.

 

“Such problems are unfortunately the result of neglecting the field of cybersecurity, and primarily, the still low awareness of this issue’s importance among the management staff of Polish institutions. Nobody wants to invest too much in such solutions, since cybersecurity has always been a fleeting topic. Meanwhile, infections, information theft, data encryption, sabotage cases – all happen on a daily basis. However, they do not reach the ears of top management – and the issue is becoming increasingly more relevant in cases like this. This is a warning signal that it is high time to do something concrete in the scope of security” – states the Director at Exatel’s Security Services Management Office.

 

Unfortunately, Poland is not an exception. We were happy that the previous ransomware, WannaCry, bypassed our country. This time, we were also attacked, but luckily not as badly as in Ukraine. Kaspersky Lab statistics from 7 p.m. on June 27 showed that Poland ranked third among countries in terms of the number of infections. This data is reflected in the analysis by Exatel SOC experts and by entries on Internet forums, Twitter and social networks, which indicate that a number of people employed by Polish entities lost their data. Of note, this group does not include any clients of Exatel.

Authors: CERT EXATEL

Published by: Jerzy Łabuda