It seems obvious that the worst news coming from the ransomware attack that is occurring is simply that: A major attack is occurring that is playing havoc with computers and networks around the world.
But it may not be. Continuity Central reports that the attack apparently is “based on a new type of ransomware, which may be being used as a probe for a future more aggressive attack.”
Discussing malware sounds much like discussions of disease epidemics: First disturbing, then scary and, finally, terrifying. In this case, Kaspersky Lab suggests that the ransomware is similar to known malware called Petya. However, it has different functionality and has been labeled “ExPetr” by the firm. The message from FortiGuard Labs is that the worst may be yet to come:
Fortinet’s security research team, FortiGuard Labs is calling the ransomware a new Petya variant and believes that this attack may mainly be a test for delivering future attacks targeted at newly disclosed vulnerabilities. FortiGuard Labs says that in spite of the highly publicised disclosure of the Microsoft vulnerabilities and patches following WannaCry, there are still countless organizations, including those managing critical infrastructure, that have failed to patch their devices.
The story also details FortiGuard’s finding that the Petya variant is more dangerous than previous ransomware because it targets systems as well as data and is programmed to add denial-of-service capabilities over time.
CNET said that the current ransomware, which it refers to as GoldenEye, is similar to WannaCry in that it takes advantage of an exploit that was stolen from The National Security Agency in April by a group called the Shadow Brokers. The exploit uses a Windows function that quickly disseminates files across a network. Not only is it speedy, but it enables computers that are secure and updated to be affected through malware downloaded into other machines. In other words, there is no place to hide.
Another frightening element is the random nature of how these problems materialize. Fortune reports that the likely unintentional culprit in launching GoldenEye/ExPetr was MeDoc, a Ukrainian firm that makes accounting software. Hackers apparently breached its network and put the malware on an update that was sent to customers on June 22. Business Insider has a simplified bulleted list of the important points of how the ransomware works.
We live in a world in which a legitimate update to software offered by an obscure company can end up messing with millions of computers and computer systems worldwide. That’s not good and not fair. Moreover, the attacks seem related and incrementally more serious. Hopefully, ways will be found to combat ransomware, but the situation at present is getting worse.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at cweinsch@optonline.net and via twitter at @DailyMusicBrk.