As the Petya ransomware attack infects computers worldwide, it emerges that one of the apparent lessons of the WannaCry attack was wrong, or at least lulled companies, that thought they had learned their lesson, into a false sense of security.
Messages from Microsoft saying your computer needs an update can be a pain. Too many people ignore them. Upgrading your version of Windows, moving away from XP, can be a pain too – not to mention expensive.
But the WannaCry virus attack that disabled computers across the world, including at the NHS, told us that keeping our PC up to date is vital – the mood switched from “oh no, not another update”, to “good, another update that gives me peace of mind.”
WannaCry put ransomware on the front pages; it was a painful and expensive lesson, but a lesson learned.
All the more shocking then, that a new ransomware attack has created chaos once again, with companies such as Russian oil giant, Rosneft, the world’s leading advertising agency, WPP and Danish shipping and energy conglomerate, Maersk, all falling victim to a new ransomware attack, this time called Petya.
Like WannaCry, Petya takes advantage of a flaw in earlier versions of Windows, first uncovered by US security forces, known as Eternal Blue, details of which found their way onto the dark web. Vulnerability to WannaCry could have been avoided by ensuring the Eternal Blue patch, released by Microsoft back in March, was loaded, and it could have been avoided by installing one of the latter versions of Windows.
No one knows for sure who was behind WannaCry, but suspicion has centred on North Korea.
The Petya attack initially began in Ukraine, leading to claims by the Ukrainian government that Russia was behind the attack. This claim seemed to lose credibility when Russian companies also became victims. At one point yesterday, it was claimed that 60 per cent of the attacks were focused on Ukraine, 30 per cent on Russia, so unless Russia was playing a very canny game indeed, or its attack backfired, it seems unlikely it was behind this one.
But now it has emerged that companies that did install the Eternal Blue patch were among those who fell victim to the attack. A detailed explanation is not yet available, but it appears, that while the patch can stop the ransomware in a direct attack, the vulnerability emerges when a computer is part of a network when one of the other machines in that network did not have the patch installed. It appears that in the fight against Petya, a network is only as strong as its weakest link.
Cyber security firm Symantec claims that: “Symantec Endpoint Protection and Norton products proactively protect customers against attempts to spread Petya using Eternal Blue.”
It does seem that the core reason why Petya has spread so quickly is that actually the full lesson of the WannaCry attack was not learned. Maybe some users were lulled into a false sense of security, assuming that because they had installed the Microsoft patch, they were safe.
It is clear, protecting yourself against cybersecurity is not easy, companies may think they are safe, when they are not. This is not an area where short-cuts are advisable, this is not an area that allows room for any kind of complacency.