It’s déjà vu all over again, as Yogi Berra once said.
Last month, the WannaCry ransomware program affected computers all around the world. On June 27, new ransomware shut down computers all across the Ukraine and many other parts of Europe.
Among the affected organizations, the most severe problems are being reported in the Ukraine, where systems at Ukraine’s central bank, state telecom, energy grid, Kiev’s Boryspil Airport, and municipal metro services. Infections have also been reported at the infamous Chernobyl nuclear power plant, which has switched to manual radiation monitoring as a result. Even ATMs and point-of-sale terminals have been infected.
Ukraine’s Prime Minister, Volodymyr Groysman, described the attacks on his country as “unprecedented.”
Danish shipping company Maersk also reports that its systems across multiple sites have been affected by the ransomware. Attacks have also been reported in Russia and France.
“We are talking about a cyber-attack,” Anders Rosendahl, a spokesman for Maersk, told the Associated Press. “It has affected all branches of our business, at home and abroad.”
In the United States, pharmaceutical company Merck and the U.S. offices of law firm DLA Piper have also been affected. F-Secure Chief Research Officer Mikko Hypponen said that the virus could hit the USA pretty badly.
Kaspersky Lab identified the software as PetrWrap, a variant of the Petya ransomware. PetrWrap is designed to delay implementation of the ransomware, so it may have been infecting computers for a long time. And only four out of 61 antivirus services tested by VirusTotal successfully detected PetrWrap.
Like WannaCry, PetrWrap uses the EternalBlue exploit, allowing it to spread quickly. EternalBlue is believed to have been developed by the U.S. National Security Agency. Microsoft patched the vulnerability for all versions of Windows, but many users have not updated their systems and remain vulnerable to the exploit.
Although the origins of the attack are not known, there are some indications that are causing people to point the finger at Russia. Foremost of these is the involvement of Ukraine’s power grid, which was attacked in December of 2015. At that time, many people attributed that attack, which left 230,000 Ukrainian residents without power for several hours. Russia has denied the accusations.
The lesson to be learned here is that it’s critically important for all businesses to keep their software up to date in order to prevent vulnerabilities to ransomware like WannaCry and PetrWrap. Some businesses have good reasons for not updating to the most current version of Windows, for example—including CRM systems or proprietary software that may not be compatible with that version.
But consider this: is the value of sticking with old, familiar software higher than the value of being afflicted with ransomware and spending a great deal of time and money to fix the problem? If ransomware would cause more losses than the implementation of new software, it’s time to start shopping for new software that will allow you to keep your system software up to date.