IT Security Professionals See Petya Ransomware as Multifaceted Threat

On June 27, a new variant of malware based on the long-known Petya ransomware attacked organizations in the Ukraine and around the world. The attack makes use of the same EternalBlue exploit first patched by Microsoft in March that allegedly is a hacking tool created by the U.S. National Security Agency. EternalBlue was also used in the WannaCry ransomware worm attack that impacted global organizations in May. Security vendors have been quick to respond to the new Petya ransomware variant, providing technical resources and insight into the attack, including what it means for enterprise IT security. In this slide show, eWEEK shares some of the commentary it has received from security professionals about the new Petya ransomware outbreak.

“The latest global ransomware attacks are yet another wakeup call for business as a serious threat, and not just another cyber-security technology challenge. Companies must evaluate ransomware threat readiness—and many are disturbingly unprepared.” — Bob Hammer, CEO of Commvault

“This attack leverages the same exploit as WannaCry with a different payload. This is the problem with signatures. An attacker can make a very simple change and the attack is just as effective as it was the first time. This will go on forever until we change the game.” — Mike Viscuso, co-founder & CTO of Carbon Black

“After decrypting the Trojan completely, we also found it not only uses the EternalBlue exploit, but also contains the NSA backdoor DoublePulsar. We are surprised to see that after the WannaCry debacle, there are still so many machines without the latest Windows security updates connected to the internet—especially in critical environments.” — Matthias Ollig, CTO of Avira

“Let’s face it: When the Shadow Brokers leaked the NSA’s hacking tools, they let the genie out of the bottle and there’s no putting it back in. We should expect to see all kinds of cyber-adversaries playing with and building on top of them. Some of us in the ICS (Industrial Control System) cyber-security community are braced for the worst—mainly that some creative hacker will find a way to cross-pollinate elements of WannaCry/Petya with the destructive payloads of the ICS-specific Industroyer/CrashOverride malware. If that were to happen, then we’re playing a whole new ballgame.” — Nir Giller, CTO of CyberX

“While this attack directly impacts IT systems, we must consider how the ransomware threat will evolve in the near future to also impact IoT devices and connected cars. If something as simple as system patches are being missed to let ransomware in, the prospect for robust protection of IoT devices does not look good.” — Mark Hearn, director of IoT security for Irdeto

“This attack also shows that criminal groups are always ready to copy and improve on one another’s techniques once they see that something is effective. Finally, the initial reports indicate once again the attacks caused significant outage in the real world, with offices and stores shut down as a consequence of the infection. This points once more at the fragility of our current infrastructure that can be substantially affected by what appears to be a traditional, widespread and non-targeted attack.” — Marco Cova, senior security researcher at Lastline

“The fact that Petya is spreading so rapidly is evidence that organizations worldwide are still not taking cyber-security as seriously as they should. In addition to being proactive in ensuring they’re monitoring on-premises network traffic, organizations must also ensure that they’re monitoring the traffic within cloud infrastructure environments.” — Varun Badhwar, CEO and co-founder of RedLock

“The good news is if you took appropriate WannaCry precautions, you are likely not to be affected by Petya.” — Adam Meyer, chief security strategist at SurfWatch Labs

“Any security vendor saying they could completely protect an enterprise from this form of attack isn’t being honest, because the attacker just needs to succeed once and the attack surface is too large. … The NSA designed these tools to specifically bypass existing security solutions, so it’s no surprise that the industry will be playing catch-up for the next several months.”  — Chris Morales, head of security analytics at Vectra Networks

“This attack is incredibly virulent. Its propagation is among the fastest we’ve seen since Code Red. Anyone who is depending on their software or antivirus or security vendor to defend against this kind of thing is making a bad bet. Bad guys are better organized [and] better incentivized, and they know our software and our networks better than we do. The only proven defense against ransomware is backups of all important data.” — Paul Vixie, CEO of Farsight Security

“What always seems to take some by surprise, however, is that no matter how much we talk about patching as the solution, it doesn’t happen in many cases. In fact, organizations with the most critical functions appear to struggle with software updates. It’s almost as if talking about the problem and ‘raising awareness’ isn’t enough to actually solve it.” — Wendy Nather, principal security strategist for Duo Security

“I believe the broad message is that the current approaches to security with respect to patching and updates is severely broken. Unfortunately, critical infrastructure technology has been ignored for too long, and now we’re seeing the repercussions of that complacency. Companies need to rapidly adopt a much more continuous strategy around patching and security testing, along with a robust disaster recovery plan that gets tested frequently.” — Mike Kail, CTO of Cybric

“Microsoft provided customers with MS17-010—a critical security update that patches the hole which makes the spread of these attacks possible. It is amazing to me that after the huge media coverage and rapid spread of WannaCry … we are seeing another successful attack that uses the same vulnerability again. I’m not sure what else we can do to get the message out there to companies: You need to get your machines patched, and today. This can’t wait any longer.” — Richard Henderson, global security strategist for Absolute