Weaponized Ransomware Cripples the Globe, Again
Just on the heels of the global WannaCry pandemic in May, the world is experiencing another ransomware attack. This attack started early Tuesday and seemed to focus on Europe, Ukraine in particular, before spreading to computer systems around the world, making it the world’s second large-scale ransomware attack in as many months.
The ransomware appears to have originated in Ukraine, and then it quickly spread to Russia, Britain, and soon to the Americas. Merck & Co., a pharmaceutical company based in the United States, tweeted that its network “was compromised today as part of global hack.” Mondelēz International, a U.S.-based food giant, was also affected by the attack.
Security experts first believed that the attack was linked to a known ransomware called Petya. However, it is now believed that this particular ransomware has never been seen before. Unlike WannaCry, this ransomware did not require any action by a user, which allowed it to spread and infect more machines more quickly and more quietly. The ransomware appears to be much more complex and sophisticated than WannaCry, suggesting there may have been funding or third-party involvement. WannaCry also had coding errors and bugs, effectively giving the ransomware a kill switch. This ransomware does not appear to have any such errors that could help stop the spread to more machines, hinting that there was an outside source of funding, as these projects are time consuming and require patience and expertise.
As more machines become infected, authorities are warning people not to pay any ransom requested to unlock their data. The offenders have no way to communicate the recovery key to victims, and paying the ransom tells hackers that their ransomware is effective. The attack has been targeting Windows; however, most machines should be updated with Microsoft’s OS patch from earlier this year after the WannaCry attack. Keep in mind that this ransomware is actively and effectively being spread through spam emails and the attachments on those emails.
To avoid contracting the ransomware, avoid opening any attachments or links that look suspicious. You can hover over a link to see where it is going to take your machine. A good rule of thumb: if the link is very long, or is not human readable, you probably should not open it. If you are in a large corporation or business, you should delete these emails and notify your IT technician or department as soon as possible, as they will want to make sure no one else has opened the email. If you are on a personal computer, keeping a good backup of your entire hard drive is a great tool to have. Keeping a second or third copy of files that cannot be lost is another good idea. Always install any security updates for your operating system, and keep an anti-virus program installed on your machine. Every copy of Windows has one built in; although it is not the best, it is better than nothing. Make sure to keep that anti-virus software up to date as well. It won’t do much if it is not updated to look for new malicious software.
In the end, however, it comes down to using common sense and second-hand knowledge to stay safe online. For some, that is harder than it is for others. It is always better to play it safe than it is to have to deal with catastrophic data loss. If you were to take one thing from this article, it would be that one line. Never forget it! I wish all of you a safe and ransomware-free technology experience.