Experts urge organisations to take action against 'global pandemic' of cyber-attacks

Organisations around the world must take urgent security action to halt an “ongoing ransomware rampage” after the latest major attack, experts have said.

Cyber-attacks which encrypt users’ files and demand money for their return are a “global pandemic,” one expert said, following the latest rapid spread through organisations in countries as diverse as Ukraine, the U.S., Russia and France. The ransomware, which has been labelled NotPetya after initial reports incorrectly identified it as the similar, older malware Petya, caused disruption to power grids, construction companies, shipping firms and hospitals, among many others. The attack infected computers at the Chernobyl nuclear plant, forcing workers to manually monitor radiation.  

Security experts have urged organisations to rapidly improve cyber-security procedures and systems following the rampant success of WannaCry in May. They have urged bosses to stop ignoring the problem after the latest “incredibly virulent” attack.

Organisations need to know exactly what internet traffic is going in and out of their systems, said Simon Gibson, security architect at Gigamon. “Companies need greater visibility into their networks to detect and remediate incidents and malware attacks,” he said. “The inability to investigate and detect the spread of the attack across computer networks is greatly impacting critical infrastructures.” Better understanding of I.T systems also helps organisations avoid attacks before they happen, he added, by allowing them to assess vulnerabilities and detect outdated servers.

Companies must use email and web filtering, and educate employees in basic cyber-hygiene such as not opening suspicious emails, other experts said. They reiterated a call for organisations to install security patches regularly and rapidly, but said they must take other steps if this is not possible, such as using server firewalls. New systems should be designed with multi-factor authentication – such as biometrics and behavioural analytics – built in, said Ryan Wilk director at NuData Security.

Despite the latest attack asking for $300 in Bitcoin in exchange for restored access, Amichai Shulman, co-founder and CTO of security company Imperva, said WannaCry showed rapidly replicating ransomware is “not a viable financial model”. Data shows the NotPetya attack was aimed at disrupting organisations rather than making money, he said.