In recent times, many organizations around Europe and the United States of America have been affected by a genre of attack software from cryptovirology known as Ransomware. This attack, which threatens to publish the victim’s data or perpetually block access to it unless a ransom is paid, has brought several businesses to a close. Mondelez International, Mars Inc, Reckitt Benckiser Group Plc and A.P. Moller-Maersk are some of the companies that have been hit by the Ransomware attack.
There have been about five Ransomware strains in the last five years. These include CryptoLocker, TeslaCrypt, SimpleLocker, NotPetya, Eternal vigilance, WannaCry and Petya. However, unlike other Ransomware, WannaCry and Petya do not encrypt files on infected machines individually; instead, they lock up the entire hard disk drive of the machine.
Ventures Africa spoke with Justice Anyai, Lead Consulting Engineer MEA at Check Point Software Technology Limited. Check Point is one of the global leaders in providing security solutions to various organizations. Recently, Check Point’s Incident Response Team has been handling multiple global infections caused by a new variant of the Petya malware which is propagating fast across business networks in the same way as WannaCry.
Ventures Africa (VA): To begin with, what makes Ransomware such a pertinent threat to modern business?
Justice Anyanyi (JA): First of all, if you have to pay a third party money for your own data, then that becomes a problem to you as an individual. Then when it comes to an organization, if you are held to ransom, just like kidnapping a child and you have to pay money for what belongs to you, I think it becomes a big problem to individuals or organizations. Why ransomware is very unique is the fact that it spreads at a very fast rate, it holds businesses to ransom; in other words, they lose money while they’ve been attacked. So there’s every need for an organization to ensure that their critical information or their means of providing service to the public and their means of making money is secured. Ransom basically is a menace to the world because nobody wants to have to pay a third party money to access your data, and usually in most cases even when you have to pay that money, you don’t get your data back. Today it’s a global security problem, and every organization needs to start thinking about how to protect themselves proactively, and also have the best security to ensure that they’re up to date in all facets and every area where they provide IT service on their platform.
VA: We heard about the WannaCry attack in May and then recently, the Petya attack too. What are the differences between both attacks?
JA: The most important thing is not about comparing both. It is about knowing that every organization stands a risk of being attacked. Every organization would need to upscale their IT security strategy. It’s no longer about detection but about trying to prevent threats across your organization.
Ransomware will keep evolving. We have had WannaCry and Petya; we don’t know what we’re going to have next. The major similarity between both is that your data or your systems are put to ransom; in other words, you’re restricted from accessing your critical information. Every organization has to ensure that they have strategies to protect their critical data from known and unknown threats and that is very key. Unknown threats can come in different variants like WannaCry or Petya; you could have a strategy in place to prevent unknown threats.
VA: Between Mac users, Microsoft users and people that save data in the cloud, which users are more prone to these attacks?
JA: For these attacks, I think they took leverage on the vulnerability in the Microsoft platform. But you know it could be any platform. We’ve seen Ransomware attacks that affected Linux-based or Mac-based platforms, but the last two we’ve seen exploited the vulnerabilities on the Microsoft platform. If you have an unpatched Microsoft Operating System (OS) then most likely, you would be affected.
VA: What do you mean by unpatched Microsoft OS?
JA: It means you are not running the most updated software packages. You’ll need to update your software on a regular basis. If you don’t have the most updated MS software packages, most likely you would be a victim of these two Ransomware attacks.
VA: Is there a type or size of business that is targeted or most vulnerable to these attacks?
JA: The most disturbing thing about these attacks is that they don’t target any particular organization. It’s like spreading your net across the ocean. Most times you get the big fishes and at times you catch the small ones. But in this case, we’ve seen that a lot of big organizations that have services on the Internet got affected. We’ve also had cases of small organizations being affected, but they were not in the news. I think the most important thing is knowing that you can protect yourself, knowing that it can be prevented. These attacks can be prevented and every organization should put in place strategies on how to protect themselves from these kinds of attacks.
VA: Which of the attacks should people be more wary about?
JA: You should be wary about being attacked in the first instance, not necessarily the one that we know, because there are a lot of attacks that we have no idea about. There are new variants to old probabilities; there is also what we call new vulnerabilities or Zero Days. These Zero Days come embedded in email platforms when you go to malicious sites. Every organization stands a risk of being attacked so they should put in strategies that can prevent these attacks. Gone are the days when we rely on detection capabilities or when we do vulnerability assessment to understand what is happening. The most important thing now is to have a strategy in place to prevent any attack from infiltrating your organization.
VA: Do you see the Ransomware attack spreading to Africa?
JA: It’s not about it spreading because it’s already in Africa. A lot of companies here in Nigeria were affected. We didn’t get to hear about it in the news. We had calls from companies that were affected and we basically helped them to stabilize their environment. The question is not about if it’s in Africa because it is already here with us. We need to ensure that we are proactive to these things and have the required strategy to protect ourselves from being attacked.
VA: How are we going to get past this and prevent it from happening in the future?
JA: I think the first thing to do is to ensure that you have the basic security. Patch all your systems and be up to date in your patch strategy. We’ve seen in recent times that this is one easy way to get easy access into most organizations because people don’t really update their software. Organizations would also need to implement solutions that probably have the most advanced threat prevention solution in place, since it’s about threat prevention from an IT perspective. You’ll want to prevent yourself from advanced threats and if you don’t have the required advanced preventive solutions, you might not be able to do that. So investing in the most advanced threat prevention solution is very key for any organization that needs to protect themselves from this evolving threat.
VA: What are the three takeaways from this Ransomware attack?
JA: The first is to have a preventive strategy. These attacks can be prevented and they can be prevented with the most advanced threat prevention technologies. Also, try and ensure your patch strategy is up to date. Every organization should ensure that their software and the operating system are patched. Lastly, we are here to help. We have a local presence here in Nigeria. We are currently showcasing the most recent technologies. Like I said earlier on in February we announced the anti-ransomware explosion that we use to actually prevent these attacks from infiltrating organizations.