fbpx

Enter your keyword

Why Nyetya is more threatening than WannaCry

Why Nyetya is more threatening than WannaCry

Why Nyetya is more threatening than WannaCry

The WannaCry ransomware, which infected 200,000 business globally and made over $100,000 in ransom payments, is said to be one of the worst cyber attacks in history. However, a new ransomware strain named Nyetya is shaping up to be a more formidable security threat. It has already affected businesses globally, and security firms and researchers believe it to be stealthier and more sophisticated than WannaCry.

Worse than WannaCry

Nyetya is deemed worse than WannaCry mainly because it spreads laterally, meaning it targets computers within networks and affects even systems that have been patched. Because it also spreads internally, it needs to infect only one device to affect several others within a single network.

Cyber researchers trace its origins to a tax accounting software called MEDoc, which infected 12,500 systems in Ukraine. Since the initial infections in June, it has spread to thousands of networks in 64 countries. And although it hasn’t spread as fast as WannaCry, it might have a wider reach soon because it uses three attack pathways to infect a system. It hasn’t made as much money as WannaCry, which is why cyber researchers are concluding that the attacks are not economically motivated.

Don’t pay the ransom

Cyber security firms and researchers strongly recommend affected businesses to avoid paying the ransom. According to them, paying the ransom would be a waste since the infected user won’t be able to receive a decryption key to unlock their files or systems. This is because the email provider has blocked the email address on the ransomware message.

Although it operates like a ransomware — locking hard drives and files and demands a $300 ransom in Bitcoin — it functions more as a wiperware that aims to permanently wipe out data and/or destroy systems. So far, it has affected big-name multinationals in various industries, including Merck, Mondelez International, and AP Moller-Maersk, among others.

Perform backups and update outdated security patches

The only way businesses can be protected is by performing backups and staying on top of patch updates.

It’s safe to say that in case of a Nyetya attack, there’s no chance of getting back your data. In such a scenario, you would have only your backup files — whether on an external storage or in the cloud — to fall back on. But backing up is not enough; you should also ensure that your backups are working, which you can do by testing them regularly. Given the nature of Nyetya, you should also make sure that your backups are stored off-site and disconnected from your network.

Like its predecessor, Nyetya exploited vulnerabilities in unpatched Microsoft-run computers. As a business owner, make it a part of your cyber security routine to update your systems with the latest security patches, or risk having your files or systems permanently corrupted.

As a business owner whose operations’ lifeline depends on critical files, your backups are your insurance. If your systems’ network security needs another layer of protection, get in touch with us today.

Published with permission from TechAdvisory.org. Source.

Dropsuite:

Dropsuite is a cloud software platform enabling businesses and organizations globally to easily backup, recover and protect their important business information including emails, contacts, calendars and OneDrive/Sharepoint files. Compliant email backup and archive system with a 10-year retention policy.

Vade Secure:

Vade Secure is an AI-based email security solution to improve security for Office 365 and block advanced phishing, spear phishing, and advanced malware threats. Vade Secure analyzes emails, webpages, attachments, and images with machine learning and deep learning algorithms that are trained to detect behaviors and anomalies common to advanced email threats.

Office Protect:

Office Protect is a service that’s designed to help you secure your Microsoft 365 tenant. Using our powerful in-house security software, our analysts actively monitor for threats, investigate alerts, eliminate false positives, and provide guided response and remediation. Protects against account break-ins, data exfiltration, business email compromise, phishing, internal threats, lateral movement, ransomware, and attacks by nation states.

Dark Cubed:

Dark Cubed focuses on real-time monitoring, threat intelligence, predictive analytics, elegant dashboard, streamlined workflow, executive reporting and active blocking. This is another layer of security that integrates with the firewall.

ThreatLocker:

ThreatLocker is a zero-trust endpoint security tool giving companies control over what software can run, by whom, and what data can be accessed.

It keeps a full detailed audit of what applications are used and data accessed/transferred/deleted and by what users (signature tracking, etc.) If something unusual happens, such as a signature change, or a user opens an application that is out of their normal routine the administrator is alerted. This is a crucial tool in identifying malware threats, as well as helping organizations identify if users are accessing applications and/or data/ files they should not be.

ThreatLocker provides a solution that allows businesses to control the content that runs on their network. Unlike AntiVirus software ThreatLocker is not looking for known viruses or malware. ThreatLocker uses a complex set of rules to determine what can be executed on a network and stops anything that has not been approved before it can even execute.

Huntress:

Huntress is a supplement to SentinelOne. Hackers are becoming more sophisticated, and Huntress actively seeks out these threat actors with a "defend forward" mentality. This software combines both advanced security tools along with human intervention to ensure even the most advanced hackers can't penetrate your network.

SentinelOne:

SentinelOne is a comprehensive enterprise security platform that provides threat detection, hunting, and response features that enable organizations to discover vulnerabilities and protect IT operations. SentinelOne integrates static artificial intelligence (AI) to provide real-time endpoint protection and reduce false positives that derail investigations or make threat detection a capital-intensive process. This will replace Webroot in your current environment.