
Latest Cyber Attack Underlines The Need For Better Protection


It hasn’t even been seven weeks since WannaCry, “the biggest ransomware attack of its kind,” and here we are again. On Tuesday a new ransomware attack began, quickly, and perhaps pre-emptively, dubbed ‘Petya’, which is currently spreading quickly across the world, crippling computer systems and demanding victims pay up to regain access to their files.

Yesterday morning sources revealed that the software used is not a form of Petya, as was being widely reported, but a new form of ransomware. “Our preliminary findings suggest that it is not a variant of Petya ransomware, as has been publicly reported, but a new ransomware that has not been seen before. While it has several strings similar to Petya, it possesses entirely different functionality. We have named it ExPetr,” Kaspersky’s Principal Security Researcher, David Emm, told Memoori.

Early signs suggest that ExPetr has been seeded through a software update mechanism built into an accounting program required by companies working with the Ukrainian government, according to the Ukrainian Cyber Police.

Numerous organizations in Ukraine were among the first hit on Tuesday, including the radiation monitoring system for the exclusion zone at the former nuclear plant in Chernobyl, which was taken offline, forcing workers to use hand-held counters for the vital measurements.

Ukraine has been the target of other cyber attacks in recent years, including assaults on its power grid at the end of 2015 and 2016, when it pointed the finger of blame at Russia amid the tension from rebel fighting in eastern Ukraine. Similar to last month’s WannaCry attack, this latest ransomware is spreading quickly and internationally.

ExPetr has already brought down systems at large firms in Europe and the US, including the British advertising company WPP, Danish shipping and transport giant AP Moller-Maersk, French construction materials firm Saint-Gobain, food company Mondelez, legal organization DLA Piper and Heritage Valley Health System, which runs hospitals and care facilities in Pittsburgh. Interestingly, considering suspicions of Russian involvement, the new ransomware attack also hit Russian steel and oil firms Evraz and Rosneft.

In fact, Ryan Kalember, from cyber security company Proofpoint, suggests ExPetr “has a better mechanism for spreading itself than WannaCry” - and WannaCry managed to infect 230,000 computers in over 150 countries, disabling the UK’s national health service, Spanish communications giant Telefónica and the German state railway.

Like WannaCry, the ExPetr ransomware exploits the EternalBlue and EternalRomance vulnerabilities in Microsoft Windows in order to propagate throughout a corporate network. Microsoft released a patch for it shortly after the WannaCry attack, but it is likely that many are yet to install it. However, there is a key difference from WannaCry that could mean victims may not be able to recover their files even if they pay.

“One of the key differences from WannaCry is that there doesn’t appear to be a kill-switch, i.e. a mechanism that will stop it from infecting. This is why it’s essential to ensure that systems are fully updated and to ensure that data is backed up regularly,” David Emm told us yesterday.

Whereas WannaCry created a custom address for every victim, ExPetr uses the same address each time. It also provides a single email address for victims to communicate with the attackers, which was quickly suspended by the email provider, leading some to suggest that the cyber criminals were amateurs and others to suggest that money was not the primary objective of the attack.

Whatever the reasons behind this latest incident, it underlines the need for better protection in what seems to be just the beginning of a new era of frequent cyber threats, be they ransomware, DDoS or other forms. However, with so many styles and points of attack, true protection becomes a tricky business. Kaspersky’s Emm believes we are best protected by developing a culture of security, as he discussed in depth in an interview with Memoori last week.

“ExPetr uses modified EternalBlue and EternalRomance exploits for propagation within a corporate network. So ensuring that systems are robust by applying security updates is a key element in blocking this attack, as well as preventing execution of specific files used by the malware,” Emm added yesterday, after the ExPetr attack.

“That said, it remains vital for businesses to develop a security culture to reduce the risk of staff clicking on dangerous links and attachments and so spreading malware. This takes time and needs continual reinforcement – it’s a cultural shift that’s required, rather than training staff to do specific things.”
