How the cyberattacks differ and what it means for ransomware security
The world has recently come under attack from not one but two separate globe-trotting ransomware viruses infecting hundreds of thousands of systems and affecting millions of people. Ransomware security has never been more of a hot button issue as the two viruses were able to seize loads of data with the intent of extorting money from the victims.
While at first glance the two viruses appear to be similar in both intention and method, there’s actually quite a bit of distinction between the two in terms of the tech being used, the suspected motives for the release of these viruses, and just how damaging they were and continue to be.
Before we set off into describing the differences, however, let’s look at the similarities. Both took advantage of the EternalBlue exploit on Windows. EternalBlue spreads the malware through the network by abusing a flaw in the Server Message Block (SMB) protocol. In effect, the exploit let both pieces of malware bypass ransomware security and spread far across a victim’s network. Microsoft has since patched the underlying vulnerability, so systems with current updates applied should be protected.
What’s perhaps more frightening is that EternalBlue was initially used by the U.S. National Security Agency before being leaked online, which means that more such exploits may exist and simply have yet to be revealed.
And things are ramping up in terms of the frequency and sophistication of attacks. According to a survey conducted by Barkly, 71% of organizations that had experienced ransomware attacks suffered successful infections despite the presence of ransomware security measures.
On the flip side, an Osterman Research survey showed that only about three percent of U.S. companies paid up once infected, which means that while the initial infection rate is high, ransomware creators may be looking to change up their strategy for extracting payment from victims.
Which brings us to Petya and WannaCry and how they represent two different versions of the ransomware-filled future.
Perhaps the biggest distinction – and certainly the one with the biggest impact on how these ransomware stories play out – has to do with the motives of these attacks.
While WannaCry is a classic example of a ransomware infection where victims were locked out of their data and the malware required payment in order for the data to be retrieved, it’s looking more and more like Petya was in fact a cyberattack bent on destruction and disruption rather than monetary gain.
Petya was wiper malware that destroyed systems and data; not exactly a good tool for those who are looking to sell back said data to the victims. But it was disguised as ransomware and continues to use that as a front for its true intentions, which many believe was to strike at the infrastructure of Ukraine.
Around 60% of the systems infected by Petya were located in Ukraine, according to Kaspersky Lab. And the places that were attacked – the central bank, an airport, the metro transport system, the Chernobyl power plant – indicate that this may in fact have been an infrastructure attack disguised as a ransomware incursion.
While Petya did infect many other companies and organizations outside Ukraine, its payment system was arcane, complex and, compared with WannaCry’s, thoroughly inefficient, which leads many to believe that money was not in fact the motive.
While the Petya creators have since released a demand for $250,000, this is thought to be a further effort to cover up the true intention of the malware.
As you would expect, an attack on government infrastructure is going to be more complex and sophisticated versus an attempt to steal small amounts of money.
Although WannaCry infected far more systems than Petya did, a big difference lies in how they infiltrated those systems. WannaCry primarily relied on the aforementioned EternalBlue exploit, whereas Petya used this exploit but also had other means of infecting systems.
Petya also used the EternalRomance exploit, which enables remote privilege escalation on certain versions of Windows. This exploit was also patched by Microsoft, but that didn’t seem to help protect the affected systems.
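Both spread mechanisms described above (EternalBlue over SMB, and Petya's additional EternalRomance route) show up on the network the same way: one internal host suddenly opening TCP/445 connections to many distinct peers. The following detection logic is an added example, not code from the article or from either malware family; the log line format, the sample entries and the fan-out threshold are assumptions.

```python
"""Flag worm-like SMB fan-out: one internal host opening TCP/445 connections
to many distinct peers within a short window, the lateral-movement pattern
EternalBlue-based worms produce. Added example, not from the original article;
the log format and the threshold are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample connection log: "<ISO time> <src> -> <dst>:<port>"
SAMPLE_LOG = """\
2017-06-27T10:00:01 10.0.1.15 -> 10.0.1.20:445
2017-06-27T10:00:02 10.0.1.15 -> 10.0.1.21:445
2017-06-27T10:00:02 10.0.1.15 -> 10.0.1.22:445
2017-06-27T10:00:03 10.0.1.15 -> 10.0.1.23:445
2017-06-27T10:00:04 10.0.1.15 -> 10.0.1.24:445
2017-06-27T10:00:05 10.0.1.15 -> 10.0.1.25:445
2017-06-27T10:00:06 10.0.1.15 -> 10.0.1.26:445
2017-06-27T10:00:10 10.0.1.40 -> 10.0.1.5:445
2017-06-27T10:00:11 10.0.1.40 -> 10.0.1.5:445
2017-06-27T10:00:12 10.0.1.41 -> 10.0.1.6:443
"""

def parse_line(line):
    """Split one log line into (timestamp, src, dst, port)."""
    ts, src, _, rest = line.split()
    dst, port = rest.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port)

def find_smb_fanout(log_text, max_peers=5, window=timedelta(seconds=60)):
    """Return {src: peak_distinct_445_peers} for every source that reached
    more than max_peers distinct hosts on TCP/445 inside any window-long span."""
    per_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, src, dst, port = parse_line(line)
            if port == 445:  # only SMB connections count toward fan-out
                per_src[src].append((ts, dst))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window start forward until it spans <= window
            while events[end][0] - events[start][0] > window:
                start += 1
            peers = {dst for _, dst in events[start:end + 1]}
            if len(peers) > max_peers:
                flagged[src] = max(flagged.get(src, 0), len(peers))
    return flagged
```

A legitimate file server client (10.0.1.40 above) repeatedly talks to one peer and is not flagged; the scanning host (10.0.1.15) is, which is the signal a patch-and-segment programme should act on.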
And as mentioned before, Petya seemed more concerned with wiping data and destroying systems rather than simply locking the user out and later ransoming the data back.
Petya is scarier
The fact is that comparing the two pieces of malware is overly simplistic. WannaCry is simply a tech update on a practice that has been going on since the dawn of time: theft. Your computer is infected, your data is locked, and you have to either pay the ransom, restore from your backups, or let the data go. While the first option is often discouraged by governments and law enforcement agencies, ransomware security and other measures will often be able to prevent most of these petty attacks.
Petya, on the other hand, is a more organized and altogether more devastating form of malware. Being able to hack into power plants, for instance, could have cataclysmic consequences for the surrounding area depending on the intentions of the hacker.
As such, you have two pieces of malware that are ostensibly similar on the outside, but could not be more different in terms of the scale of ruin they could bring about.
What this means is that ransomware security needs to be a priority for companies, agencies, governments and users across the globe in order to prevent these attacks from succeeding.
But perhaps more alarming is that the more sophisticated versions of these attacks are likely going to be able to bypass these measures, which means that the cybersecurity industry is facing an uphill battle against malware attacks. And the stakes have never been higher.
This article was written by Sean Westbrook. Sean is a content specialist for a disaster recovery solution provider. Sean is a dreamer, idea generator and teller of stories. Sean is also a basketball fan, traveller and vintage furniture lover.