A second major global ransomware attack in two months has left thousands of businesses reeling, with Russia’s biggest oil company, the Ukrainian Central bank, multinational shipping, logistics and marketing companies – and a chocolate factory in Tasmania among the casualties.
Similar to May’s WannaCry ransomware attack that affected more than 250,000 computers in 150 countries, the latest incident, which was reported on 27 June, exploited weaknesses in Windows-based systems not patched up since the WannaCry outbreak.
The ransomware software locks up computer files and demands a Bitcoin ransom payment to release them. Central Europe appears to have been hardest hit, but incidents have been reported from across the world, including the Cadbury’s chocolate factory in Hobart where systems are said to have been down since 9.30pm last night.
Some of the other businesses caught up include:-
Rosneft – Russia’s largest oil company
Netherlands-based shipping and logistics company TNT
Ukraine’s central bank, power grids and international airport
Mondelez International, food and drink manufacturer whose brands include Toblerone and Oreo
US-based offices of global law firm DLA Piper
Danish oil and shipping company AP Moller-Maersk
WPP – UK-based advertising agency
Major US drug manufacturer Merck
More Australian businesses are expected to be impacted today as the nation wakes up to the problem.
The bigger picture
2017 has been a remarkable year for cyber security breaches and even if Australia has been affected comparatively lightly to the rest of the world, there has been sufficient activity to ensure alarm bells continue to sound in businesses and boardrooms across the nation.
What both these attacks indicate is that ransomware is here to stay – and the threat is growing at an exponential rate. That’s not just fear mongering. Global ransomware damage costs were US$325 million in 2015. The 2017 figure is expected to be in excess of US$5 billion – a fifteen-fold increase in just two years, according to cybercrime research agency Cyber Security Ventures.
Mitigating the ransomware threat is paramount for businesses of all sizes, with regular software patching one of the best and most straightforward means. Regular, if not daily, off-site data back-up can also help businesses swiftly recover from ransomware attacks.
Other best practice IT security procedures should also be followed, including firewalls, application whitelisting, virus protection, restricted admin privileges and encryption.
Every business should also develop a data breach response plan, and educate all staff and contractors about what to do in the event of a cyber security breach.
Cyber insurance should also be factored into your business’s insurance program. It won’t stop attacks from happening, but can help recover the costs associated with them, such as income lost through an inability to trade.