Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.
TECHNOLOGY

What You Need to Know About the Petya and WannaCry Cyber Attacks

Published On :

Sam Reed, Chief Technology Officer at Air IT 

Financial losses, data breaches and reputational damage are just some of the ways a cyber-attack can hit an organisation hard.

The Petya and WannaCrycyber-attacks in May and June are two of the biggest in history and impacted the finances of companies throughout the globe. A recent report by the insurers Lloyd’s of London said a major cyber-attack has the potential to cost as much as a natural disaster.

WannaCry, which affected numerous organisations, including the NHS, spread to 150 countries and is estimated to have cost the global economy £6bn.

Petya caused problems with shipping and invoicing for Neurofen manufacturers Reckitt Benckiser, who are expecting to make losses of about £100m as a result of the attack. Some of the world’s largest organisations including Cadburys and Oreo cookies manufacturer Mondelez were also affected by Petya.

A cyber-attack can also lead to a fine for a data breach – a prospect that will become even more real when the new General Data Protection Regulation is introduced in May 2018.

How WannaCry and Petya worked

 To begin with, both attacks were referred to as ransomware attacks because they locked people out of their computers and demanded payment to let them back in. 

Some cybersecurity experts now believe Petya was not a ransomware attack because it was incredibly difficult to pay the hackers. Ransomware attacks usually make it very easy to make payment. They sometimes even offer step by step guidance and a help centre.

Instead, they believe the malware which they are now calling NotPetya, was designed to spread damage rather than collect money.They have suggested the attack may have been disguised as ransomware to make it appear to be criminal ledwhen it may have been state sponsored.

The malware initially spread through an accounting program used by organisations working with the Ukrainian government. It affected several parts of the country’s infrastructure including banks, airports and railways. It then spread globally through phishing emails, which are disguised as legitimate communications but ask for sensitive information like passwords.

WannaCry and Petya both exploited the same vulnerability in the legacy Microsoft operating system Windows XP andWindows Server 2003. Legacy systems rarely have the necessary security updates, issued in the form of patches, to protect them from the latest threats. Attackers tend to exploit these shortcomings.

Due to the extent of the WannaCry attack, Microsoft didissue a patch for both platforms but some organisations delayed implementing it before Petya. In addition, up to date systems which hadn’t implemented a patch from March 2017 were also vulnerable to the attacks.

How to protect yourself 

Petya and WannaCry reinforced the need to take two crucial protective measures – updating legacy systems and using patches to protect against new threats.

The importance of doing more to educate users on how to prevent malware spreading was also evident. All employees should be taught how to recognise suspicious emails. Ransomware usually needs users to carry out actions like clicking on a link, or downloading an infected attachment.

It is also impossible to overstate the importance of backing up data in case you are hit. You can’t be held ransom for data you can access elsewhere. 

To protect yourself effectively, or at least lessen the impact if you are hit, you need a layer of cyber securitymeasures. The most fundamental ones are:

Simple housekeeping measures like deleting old user accounts will also help you keep on top of your cyber security. Users should be restricted from having access to areas of your network which they don’t need. This will help prevent infections from spreading.

 The best time to protect yourself is now 

WannaCry and Petya may have mainly affected large organisations but businesses of all sizes should protect themselves.

A study by the Federation of Small Businesses reported that small businesses are bearing the brunt of cyber crime. They found that 19,000 cyber crimes are committed against small businesses in the UK every day. Although many small businesses are taking steps to protect themselves, security standards vary and more can be done.

Cyber criminals are getting increasingly sophisticated and attacks are generally automated now. Bots can be used to scanoperating systems for vulnerabilities so a mass attack that catches as many people as possible can be deployed.

This means you need to take every step you can to protect yourself and you need to do it today. No one can predict when they might be attacked, so being prepared at all times is the best approach.

Continue Reading

Recent Posts