How small and medium businesses can protect themselves against NotPetya, WannaCry and other ransomware

Business Reporter·NZ Herald·

29 Jun, 2017 02:37 AM5 mins to read

A computer infected with Petya. The ransomware is encrypting files.

Kiwi companies should be getting ready for a rise in cyber attacks reaching this country, says a security expert.

NotPetya, the latest round of ransomware infecting companies around the world, is the second global-scale cyber attack to reach New Zealand this year.

Law firm DLA Piper, Cadbury New Zealand and shipping giant Maersk have reportedly been affected by the attack, and more are anticipated.

"It's difficult to say how prepared any of us can be for what looks like the unforeseeable," said Sean Lyons, director of outreach for not-for-profit online safety organisation Netsafe.

"We can say only two big ones [attacks] this year but the truth is that there would have been hundreds that have affected people all over the world, so we do need to maintain our guard."

The NotPetya attack disables computers and tells users to pay US$300 in cryptocurrency to unlock them.

Xero head of security Paul Macpherson said he expected the frequency and severity of attacks to increase.

"Some of these gangs are making millions of dollars from ransomware," Macpherson said.

"Although, that said, it would appear that whoever was behind the NotPetya ransomware didn't make a lot of money because the email address they were using to receive Bitcoin got shut down fairly early on in the piece. They may have only made less than $10,000."

New Zealand companies were no safer than others overseas, he said.

"New Zealand's geographic isolation doesn't really help us when it comes to cyber attacks, malware and phishing. Quite literally you're only two seconds from the other side of the planet, or less, so a lot of these malware campaigns and ransomware are really just a shotgun affect. They fire it out to whatever email address they've got and they don't really care where in the world you are."

Xero said it did not believe any of the small businesses in its database were infected by NotPetya.

There are a number of things firms can do to protect themselves.

Update IT infrastructure

"NotPetya and WannaCry campaigns have highlighted the need for small businesses, and everyone generally, to make sure that their computer systems are up-to-date, that they have the latest security patches applied," Macpherson said.

"Like many attacks that are coming from hackers and scammers, they exploit known vulnerabilities and sometimes those vulnerabilities may be quite old."

Lyons said he understood why some firms may have to run an older operating system, but it was important to make sure it was properly patched for security.

"If you're going to maintain an older operating system then you have to be darn sure that it's as safe as it possibly can be."

Back up your data

"As far as ransomware goes, if you are infected, backups are critical," Macpherson said.

Make sure backups are external and offline, he said.

"Small businesses or people at home might backup to a USB drive but the trouble is a lot of the ransomware will lock to all the drives that are connected to your system and try to encrypt those as well."

Backing up to Cloud services are good for remote access, but it comes with a risk.
"A lot of those backup systems have automatic backups or automatic synchronisation and if you get hit by ransomware, depending on the type, you could find that your backup gets syncronished with the encrypted file."

Security awareness was key, Macpherson said.

"Typical ransomware is delivered by phishing emails, the emails where people want you to click the link or attachment, and basically to infect your system yourself," he said.

"Being wary of emails or sources you don't know or odd subject lines with things you weren't expecting, for instance those bogus emails that tell you you've missed a courier delivery from FedEx or DHL or whoever, when you weren't expecting something.

"A recent one going around says, 'Your Amazon order has been cancelled', ... don't click those links unless you know they are from a trusted source."

Have a cyber safety plan

"Businesses should have some kind of plan in place for this type of incident. This is not going to be the last time we see ransomware, it's going on all the time."

Lyons said it was important to have reliable recovery mechanisms.

"Sit down and look at your IT infrastructure ... Think about what would happen if your data or application disappeared tomorrow, what would you do? How much would it impact your business? Would you carry on as normal?

"If something is important to your business then they have to be worth thinking about how you would get back up and running should you be attacked."

He said businesses should be using recent examples of ransomware attacks to prompt planning in advance.

"When we hear stories like this, if we're not affected it's great, we all touch wood and say 'Phew, thank goodness that wasn't me', but we should be using them is as a reminder to say, 'It wasn't me today, but what if it was me tomorrow'."

Lyons said there was a significant underground economy in the production and distribution of ransomware.

"The idea that a hacker is a person sitting in a room doing this for amusement or vandalism might be part of it, but we have to be realistic and take into account the fact that this is a business ... People are making money and they are motivated by the financial return."