Picture the scene: in parts of Africa and Europe, office workers are sitting at their computers when the instruction comes into their office mailboxes: “As a precautionary measure, turn off your Windows-based computer and do not use WiFi – the company is under attack globally from a new virus software.”
Elsewhere near Mumbai, a terminal at India’s biggest container port is unable to load or unload because of the attack, as the facility can’t identify which shipment belongs to which company. In Kiev where the attack begins, operations are disabled in government systems, private global companies and the Chernobyl nuclear facility.
This all sounds like a scene from Tom Cruise’s latest Mission Impossible, filming right now, but instead it is, unfortunately, fact and not fiction.
These scenes – and many more across Europe, Russia, Asia, Africa and North America – unfolded on 27 June as a new ransomware variant attack, the Petya virus, was unleashed globally. Victims were told to pay $300 in cryptocurrency per infected computer to unlock their systems.
Anton Jacobsz, MD of Networks Unlimited, an authorised distributor of Fortinet in Africa, says: “This new ransomware global attack comes just six weeks or so after the WannaCry ransomware crippling of computers in at least 150 countries in mid-May. The strength and reach of these two global ransomware attacks in such a short space of time underscores the seriousness of this kind of cybercriminal activity and the need to guard your organisation.”
Jacobsz says the Petya virus – in just hours – has already impacted on a wide range of industries and organisations, including critical infrastructure such as energy, banking and transportation systems.
He clarifies: “This variant is part of a new wave of multi-vector ransomware attacks that Fortinet is calling ‘ransomworm’, which take advantage of timely exploits. The ransomworm is designed to move across multiple systems automatically, rather than stay in one place. It appears that the Petya ransomworm is using similar current vulnerabilities that were exploited during the recent Wannacry attack.
“However, this variant, rather than focusing on a single organisation, uses a broad-brush approach that targets any device it can find that its attached worm is able to exploit. It appears that this attack started with the distribution of an Excel document that uses a known Microsoft Office exploit. Because additional attack vectors were used here, patching alone would have been inadequate to completely stop the attack, which means that patching needs to be combined with good security tools and practices.”
Jacobsz adds that Fortinet customers were protected from all the attack vectors, as they were detected and blocked by Fortinet’s ATP, IPS and NGFW solutions. “In addition, the Fortinet AV team issued a new antivirus signature within a few hours of the discovery to enhance the first line of defence. Further, Fortinet is making available a number of different resources to help customers ride out this new wave of ransomware attack.”
