Just when Australian businesses thought they had escaped the worst of WannaCry, there's a new ransomware campaign hot on its heels and reportedly exploiting the same vulnerability. The malware responsible is widely thought to be a version of Petya, which some industry specialists have termed "NotPetya". Whatever the name, this fresh ransomware campaign has already crippled Ukrainian government departments, banks, power distributors and transport networks before reportedly spreading to other high-profile victims such as a British advertising powerhouse, a French construction materials giant and one of the largest pharmaceutical companies in the world. Australia is unlikely to escape (relatively) unscathed this time, with the Australian staff of a global law firm locked out of IT systems after Petya impacted one of its overseas offices and the Tasmanian base of one of the largest confectionery companies in the world also targeted.
At the time of going to print, the ransomware continues to spread and it’s far from 'game over'. The Assistant Minister for cyber-security Dan Tehan is calling the fresh attack a "wake-up call" and the Prime Minister's cyber security advisor Alastair MacGibbon has warned against paying ransoms for Petya, urging businesses to instead back up their data to "avoid being a victim in the first place".
If you haven't done so already, it’s time to act. Here are our top tips for Australian businesses.
Start with technology solutions
While technology is not the only solution, it is an important component. The Australian Cyber Security Centre recommends that organisations take the following steps:
- Patch/update systems immediately, including Microsoft operating systems. Using unpatched and unsupported software increases the risk of cyber security threats such as ransomware.
- Back up your data. If you do not have back-ups in place, you can arrange to use an off-site backup service. This is good practice for all users.
- Ensure your antivirus software is up-to-date.
Policies, plans and procedures
This is a timely opportunity for organisations to update existing policies in relation to email and internet usage, password protection and the use of mobile devices, and to remind all users of the risks of opening email attachments received from unknown or suspicious sources. Organisations should also revisit their cyber incident response plans in the aftermath of Petya.
What if I am impacted?
The Prime Minister's cyber security advisor and the Australian Cyber Security Centre warn that individuals and organisations should not pay the ransom. There are widespread reports that the contact email address provided in the ransom message has been disabled, which means the files are highly unlikely to be recovered by paying the ransom.
If an organisation has backed up its critical data appropriately, then it should generally be possible to restore access to the data without paying a ransom.
For more tips on improving your organisation's cyber resilience in the aftermath of this latest development, download MinterEllison's latest cyber security survey report - Perspectives on Cyber Risk 2017.