A ransomware attack hit servers around the world yesterday. The infected computers displayed a message in red type over a black screen that read, "Oops, your important files are encrypted," demanding a $300 bitcoin ransom from users to recover the data. Attacks were first reported early Tuesday morning in Ukraine, where banks, an airport and the metro system, among other systems, were affected. The attack quickly spread to other European countries and the U.S. Some say the current attack is a variant of Petya, malware that has the ability to quickly spread over networks.
Cyber security experts believe that those behind the attack used the same type of hacking tool used in the WannaCry ransomware attack that affected more than 150 countries in May. Following the incident, organizations were urged to ramp up their security.
Ben Johnson spoke with Chester Wisniewski, a senior security researcher at Sophos, a network security company. Wisniewski says this attack is more sophisticated than WannaCry because of the way it spreads through networks. Below is an edited excerpt from the interview:
Ben Johnson: How does this attack appear to be different than May's attack?
Chester Wisniewski: It's a bit more sophisticated. It has multiple ways it can spread within a computer network. When you look at a business with hundreds or thousands of computers there's not one thing that can be done to stop it from spreading once it's made it inside. It's a little more difficult for companies to defend themselves.
Johnson: What is concerning about the scale of the attack and where it might be coming from?
Wisniewski: What's concerning most is the sophistication of the malware itself — the fact that it has multiple ways to spread within a network. And it appears to have the capability of stealing administrative passwords to aid itself in spreading. These are all things that have concerned the research community for some time. And now that the template is out there for doing this type of an attack, there's reason to believe other criminals will copy it.
Johnson: In May the issue seemed to be related to Microsoft software and security that it patched — a lot of people hadn't updated their systems. What is the solve here?
Wisniewski: This attack uses that same flaw that the May attack used. In the May attack, fixing that bug protected the computer from ever becoming affected by the attack. In this case, any one computer within your network that didn't get the fix might be used as a jumping-off point to attack the rest of them, even if they have been fixed. When you have 10,000 computers at a big company, you have to make sure all of them have been fixed because it can spread. Even if they've been fixed they can still be affected.