Dr. Jassim Haji, Director IT, Gulf Air on Petya Ransomware

Dr. Jassim Haji, Director IT, Gulf Air on Petya Ransomware
Dr Jassim Haji, Chairman of the AI Virtual Conference.
7 years ago

“Petya ransomware is following in the footsteps of WannaCry and has given us the message that the attacks using ransomware will remain and continue to evolve. Now it is up to us, as the information security community, to take the challenge and secure our assets against these attacks. ”

More Information:

Lately some of the global organisations (mainly in the European region) have reported new ransomware-based cyber-attack, named Petya. The attack is similar to the previous WaanaCry campaign and is believed to use an updated version of the EternalBlue exploit (stolen earlier from US NSA). Based on the available information, it is understood that the attack focuses on the phished emails to start the initial infection (either as an attachment or a website link), which than spreads into the network using Microsoft SMB v1 (a publicly known vulnerable protocol still used in legacy applications)

The security mechanism against these attacks are divided into the following major categories:

People:

Similar to most of the cyber based attacks, users form the weakest link. A click on the infected content will prove all other controls as ineffective. Therefore, users should be on the fore-front in securing against these attacks. A culture of information security awareness should be implemented in organisations where the users are informed about these attacks and how they can secure the organisation by not falling prey to these attacks.

Process:

Organisations need to improve on their legacy processes to ensure that they are still relevant in securing against these latest attacks. The processes related to strict and timely patch management on systems and devices, monitoring of the suspicious inward and outward traffic, periodic backups, and identification/treatment of risks on IT assets are critical to have to secure the organizations against these attacks and limiting the damage in case of a breach.

Technology:

Email protection solutions should be fine-tuned to ensure that the malicious emails are blocked for the end-users. Advanced Intrusion Detection and Prevention systems should be implemented to restrict the flow of suspicious traffic in the network. Further, it should be ensured that the antivirus (anti malware) protection solution is always up-to-date and working effectively. Sandboxing and other Advanced Persistent Threat (APT) protections can also be helpful in identifying and securing against these threats.