10 Ways To Get Away Cyber Bombs Like Petya and Wannacry

by Moumita Deb Choudhury    Jun 30, 2017

cyber crime

So Petya is ‘Not Petya’ as redubbed by Kaspersky, which means the cyber-attack donned upon several government offices, PSUs and corporates around the globe on Tuesday is not a ransomware but a wiper which actually destroys data.

India is the worst effected in the Asia-pacific region by ‘Petya’ that has claimed thousands of victims globally, security software firm Symantec said. Globally, India ranked as the seventh most impacted nation.

‘Not Petya’ impact: Paying cannot Retrieve data:

Perhaps this week’s attack is not intended at cornering ransom, almost certainly not the work of profit-oriented hacker like Janus. Instead more malicious than what could be perceived, it was an electronic Molotov cocktail lobbed into Ukraine by an attacker who underestimated how far it would ripple.

“It’s someone who wants to shut down Ukraine and make it look like ransomware,” said Matthieu Suiche, founder of cyber-security provider Comae Technologies. “And like what happened back in December with the power grid, it’s a political motive.”

Although the infected computer screens of the victims project a demand for $300 in Bitcoin for data retrieval, the mechanism to pocket the money from the hostage in exchange for decryption keys quickly disintegrates. Behind this immense cerebral programming of fast spreading malware, the effort shows little inclination towards amassing wealth.

“The superficial resemblance to Petya is only skin deep,” said the cyber-security expert The Grugq. “Although there is significant code sharing, the real Petya was a criminal enterprise for making money. This [latest malware] is definitely not designed to make money. This is designed to spread fast and cause damage, with a plausibly deniable cover of ransomware.”

Plainly put, it means, the code was developed to destroy not extort. Do not pay, as paying would only convict you of being a financial criminal.

Now, we know even money cannot save the valued assets of giant corporates and government organizations, once in the hands of cyber-criminals.

10 ways experts suggest to gate the cyber bombs:

·        Maintaining a proper cyber- hygiene is the cure to all ills. This is a most recommended tip to avoid such cyber devastations faced this year.

·        Regular pathing of operating system is a must.

·        In case your computer is infected, keep a copy of the phishing email thrown to you by the hackers and furnish it to the investing authority so further probing.

·        Back up regularly and keep a recent backup copy off-site.

·        Organizations which are dealing with critical infrastructure and mass-scale complexity between IT and OT network, it is imperative to gain visibility to the network paths and access between those environments.

·        Avoid using high privileges accounts like the ones with administrator rights for daily businesses.

·        Do not click on the links or attachments you find suspicious, hackers can send malicious links which seems to have come from trusted parties such as banks.

·        Cloud based solutions should be adopted which ensures that the relevant data is made available to the user on demand but the storage of data itself is always on the cloud where it is easier to put security and anti-malware defenses.

·        Understanding how to effectively segment your organization, control access and neutralize threats posed by vulnerabilities is more important now than ever. 

·        Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.