Evolve IT Blog

A new malware swept across the globe Tuesday, incorporating facets of many ransomwares that have made headlines recently. While it originally appeared to be a variant of the Petya ransomware, it has been determined that it shares more in common with WannaCry. However, “NotPetya,” as it has been named, has a few additional features that experts say make it worse than either of its predecessors.

Why NotPetya Isn’t Really a Ransomware
The first clue that researchers had that NotPetya had a different motivation was the fact that the ransom only demanded the Bitcoin equivalent of $300. Secondly, the only means of getting the decryption key was to send an email to an address hosted by German email provider Posteo. Despite the lack of preparation the payment method appeared to have, NotPetya itself was clearly designed to be able to infiltrate as many networks as possible and do maximum damage once inside.

A Hybrid Hacking Attack
Since the attack commenced, researchers have ascertained that despite its initial similarities with Petya, NotPetya shares many traits with other malicious programs. Like WannaCry, the attack that affected much of Europe, NotPetya leverages EternalBlue. EternalBlue is a National Security Agency hacking tool that targets unpatched systems and steals the passwords that allow administrator access. In addition to EternalBlue, NotPetya also utilizes EternalRomance, another code that was stolen from the NSA.

Once NotPetya has infected one computer, it extracts passwords from its memory or the local filesystem to allow itself to spread--including onto updated and patched Windows 10 systems.

How To Protect Your Files
First off, don’t expect that you can retrieve your files just by paying the ransom. Even if those responsible for NotPetya intended to keep their word and return them once paid, Posteo has shut down the provided email account victims were to receive their keys from. As a result, unless a victim was already following certain best practices, their files are as of yet unrecoverable.

However, this does not mean that everyone is vulnerable to this attack. Before the EternalBlue and EternalRomance exploits were distributed on the dark web, Microsoft had already released patches for the vulnerabilities. However, if these patches were not applied, a user’s systems were (and are) still vulnerable.

The best method to avoid infection from this kind of attack is to ensure your users understand the importance of cyber security efforts, and that all of your business’ systems are reinforced against the latest threats by keeping your defenses up-to-date.

Furthermore, even an infected user is not without hope if they have been backing up their files. If they have done so, all they have to do is disconnect their computer from the Internet, reformat their hard drive and restore their data from their backup solution. However, for this to work, you have to also be sure that your backups are up-to-date, and that your backup is stored in an isolated location, separate from your network.

Evolve IT has the experience and expertise to help prevent you from becoming a victim of a malware like this, whether we help you manage your backups or help educate your users to avoid attacks like these in the first place. Give us a call at (518) 203-2110 today.

Ransomware is a major problem in both the personal and private sectors of computing, but up until very recently, Apple users had little to fear from potential ransomware hacks. Security researchers at Palo Alto Networks have discovered what’s known to be the first completed ransomware on an Apple device. The threat, called KeRanger, is officially “in the wild,” and is a danger to any Mac user.

Today’s various versions of ransomware are dangerous. By forcibly locking down important files on a victim’s computer, threats like CryptoLocker and CryptoWall are posing significant threats to both businesses and ordinary computer users. However, a new type of ransomware has appeared called CryptoJoker; and we assure you, there’s nothing funny at all about this one.

Cyber security continues to be a major pain point for small and medium-sized businesses, even if they’re taking the fight to the latest threats with solutions like antivirus and firewalls. Significant progress has been made, yet new threats are born every day. In fact, you might be surprised to find out that a monstrous 27.3 percent of all malware in the world was created just last year. 

Any business worth their gigabytes will practice extreme caution when surfing the Internet. Hackers tend to make users’ lives more difficult, even for those who are part of a small or medium-sized business. Teaching your employees security best practices in hopes that they’ll avoid suspicious websites isn’t a foolproof strategy, and thanks to malvertising, ensuring that your organization stays secure is more difficult.

Computer users, beware; there’s an intrusive malware spreading across the Internet that’s capable of locking users out of their web browsers and redirecting them to fake IT support phone numbers. The hacker’s goal is likely to steal sensitive information from users, so it’s especially important that you don’t call this fake phone number.

ATMs are probably everyone’s favorite kind of computer. You swipe your card, enter in your PIN, and withdraw cash immediately. Many people forget that an ATM is simply a computer in disguise, though; one that can be infected with malware just as easily as any old PC can. A new type of ATM malware, GreenDispenser, is making its rounds in Mexico, and could potentially make its way to other countries if left unchecked.

Malware and viruses are so common nowadays in the technology world that it’s no surprise when new ones are created. Thus, it should come as no surprise that hackers are looking to spread smartphone malware to unsuspecting users around the world. Kemoge, a new malicious adware for the Android mobile operating system, has spread to 20 countries, and is taking the mobile device world by storm.

In the wake of a ransomware takeover, it seems like the world can’t go a few months without some sort of data loss disaster occurring. The antics of hackers grow more dangerous and difficult to dodge, and IT departments have their hands full dealing with the fallout. What’s keeping you from contracting this ransomware, and how can you keep your business from suffering its consequences?