Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


Petya Ransomware Attack: What You Need to Know and Do

Petya Ransomware Attack: What You Need to Know and Do

A new strain of ransomware, known as ‘Petya’, has impacted individuals, private companies and public organisations including banks, airports and government organisations across Europe over the last 24 hours.
Ransomware is a type of computer virus that locks your data and demands payment of a ransom to unlock it. After the ransom is paid, it is quite common for the system to remain locked, with the attacker taking the money without releasing the files. Ransomware has recently become the single greatest online security issue in terms of number of attacks, and the impact it causes to businesses and organisations that manage national critical infrastructure.
The Petya threat follows the global WannaCry ransomware attack in May, which was labelled as the largest global cyber security incident to date. WannaCry exploited a known vulnerability in Microsoft systems called ‘EternalBlue’, and encrypted data, locking users out of their system until a ransom was paid.

While experts are still looking to establish how this new ransomware works, it is believed that Petya is potentially exploiting the same EternalBlue vulnerability as WannaCry. EternalBlue is a vulnerability in Microsoft’s early implementation of network file sharing protocols called SMBv1.

While Petya appears to have mostly affected European countries to date - including England, Ukraine, Russia and India - it is important to remember our geographic location does not make New Zealand companies exempt from this threat.
For this reason, it is important companies remain vigilant and take proactive steps in order to avoid being affected.
Tom Moore, Practice Manager of specialist cybersecurity consultancy, Aura Information Security, recommends the following measures and precautions are taken to avoid your business being impacted by ransomware:

1. Ensure all computers are updated with the latest security patches
Companies should ensure all staff computers, personal computers and company servers are up to date with the latest security updates and patches so that they are not openly vulnerable to the attack. Focus on any older legacy Microsoft Operating Systems you might be running first.

2. Make sure you know your vulnerabilities
If you are running legacy unsupported operating systems or software with known vulnerabilities, isolate them from the rest of your network. Make sure you add extra protection like configuration hardening, host based firewalls, or application whitelisting. Upgrade unsupported operating systems to the latest platforms wherever possible. Use your firewalls to block Microsoft File sharing protocols and do not expose these protocols to the internet (SMBv1 is TCP port 445).

3. Make sure you know what to do in the event of a ransomware infection
Make sure you know where your critical information is stored and ensure that you are able to restore this information from backup if your business suffers an incident, particularly if you have sensitive or critical information stored on laptops and desktops. If your business is impacted, it is recommended that you do not pay the ransom, as this may not result in files being recovered. You can also reach out for free advice if you report a security incident to the New Zealand National Computer Emergency Response Team (CERT), via or0800 CERT NZ (0800 2378 69).

4. Educate your staff
Educate your staff on what to look out for and what to do if their workstation is infected with malware. The advice for this latest ransomware attack is that users should immediately unplug their machine from the network, and call their IT support help desk. Advise staff to be extremely cautious when opening emails – even if they are from trusted suppliers and contacts, and especially if they contain attachments. It’s a good idea to call the sender to verify that they have sent the attachment and if in doubt, don’t open it.

© Scoop Media

Business Headlines | Sci-Tech Headlines


'Irregular Accounting': Voluntary Suspension Of Fuji Xerox Govt Contracting

This suspension gives the Ministry of Business, Innovation, and Employment time to understand the full implications of the report from FUJIFILM Holdings into irregular accounting practices at FXNZ. More>>


MPI: Cow Disease Detected In NZ For First Time

MPI is responding to the detection of the cattle disease Mycoplasma bovis in a dairy herd in South Canterbury... The disease is commonly found in cattle globally, including in Australia, but it’s the first detection of it in New Zealand. More>>

South Island Flooding: Focus Moves To Recovery

As water recedes throughout flood-impacted areas of the South Island, Minister of Civil Defence Nathan Guy has praised the efforts of those who were involved in the response to the flooding... More>>


Superu Report: Land Regulation Drives Auckland House Prices

Land use regulation is responsible for up to 56 per cent of the cost of an average house in Auckland according to a new research report quantifying the impact of land use regulations, Finance Minister Steven Joyce says. More>>


Fund For PPP Plans: Govt Embraces Targeted Rates To Spur Urban Infrastructure

The government's latest response to the Auckland housing shortage will see central government and private sector firms invest in 'special purpose vehicles' to fund essential roading, water and drains that Auckland Council can't fund without threatening its credit rating. More>>