Guest Post: Petya, NotPetya, GoldenEye: How Do You Stay Ahead of the Ransomware Game?

Written by Cathy Won, senior director of product marketing at BDNA. Read the original post on the BDNA blog.

With the recent ransomware attacks that originated in Ukraine – listed under numerous names: Petya, NotPetya or GoldenEye – happening just weeks after WannaCry, security experts worldwide say that these new cyber attacks are just the beginning of a global ransomware epidemic.

These new attacks are changing the way computer users have traditionally done things. In the past, users would take their time adopting new versions of software because, just as with new car models, they wanted to make sure all of the kinks were worked out before taking the next step.

In the case of software, new versions are often adopted slowly, out of trepidation about newly introduced bugs or minor new “features” that are not always welcome additions. Other users postpone automatic patches because they disrupt the workday, and they figure they will just run them later – sometimes months later, or they never get around to it.

But after these latest ransomware attacks, that traditional slow approach to software updates and patches has to change. Keeping your software up to date becomes imperative, from both business and personal perspectives. Up-to-date software guards against malware and ransomware attacks that may not only hold your data for ransom, but may also use your data, including personal data, for far more damaging results.

BDNA found that in one organization with more than 550,000 software installations, 56 percent of its software was found to be end-of-life (EOL), posing a very high security risk. More than 6,350 instances of the software installed had come to EOL more than 14 years before, and included applications from Microsoft, SAP, IBM, Symantec and more.

This kind of environment can become a ransomware attacker’s heaven. The threat of ransomware will push users to update their software more diligently. But human behavioral changes can take much longer than businesses can afford.

So what’s the answer? How can organizations stay ahead of the ransomware game?

  1. Understand your organization’s inventory of EOL and end-of-support (EOS) software. Gaining this visibility is typically not an easy undertaking. However, there are automated approaches to ensure you are not caught off-guard by the next ransomware bandit. Check out “When Software Goes Rogue.”
  2. Force your enterprise’s users to patch their systems more quickly, particularly Microsoft systems. In this latest attack, as in WannaCry, companies that failed to update their systems against the Microsoft vulnerability were the most prone to be hacked. Automatically force the patches and updates throughout your system.
  3. If you are hacked, do not pay the ransom. As Fortune points out, “there’s no guarantee extortionists will return your files. Second, funding cybercriminals will encourage them to develop similar attacks in the future.” Besides, Forbes said, the email account set up to provide keys (for Petya) has been shut down by the provider, Posteo. Thanks to that, there’s no obvious way of recovering files without backups.

Software vulnerabilities in commercial products are the biggest source of data breaches in the enterprise. Not managing EOL of enterprise applications has major implications on enterprise security, compliance, and the ability to enforce critical processes.
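
The EOL/EOS inventory check from step 1, sketched as an added example (not code from BDNA or the original post): it classifies each installation against a lifecycle table, reports the share that is EOL, and lists installs that are EOL by more than 14 years. All product names, hosts, dates and the audit date are constructed placeholders. Installs with no lifecycle record are reported as unknown rather than counted as supported.

```python
from collections import Counter
from datetime import date

# Constructed lifecycle table: (product, version) -> (end_of_support, end_of_life).
RAW_LIFECYCLE = {
    ("ExampleDB", "9"): (date(2012, 6, 30), date(2015, 6, 30)),
    ("ExampleDB", "12"): (date(2024, 6, 30), date(2027, 6, 30)),
    ("ExampleOffice", "2000"): (date(2001, 1, 31), date(2003, 1, 31)),
    ("ExampleOS", "10"): (date(2016, 1, 1), date(2019, 1, 1)),
}
# Constructed inventory export: (host, product, version).
INVENTORY = [
    ("ws-001", "ExampleOffice", "2000"),
    ("ws-001", "ExampleOS", "10"),
    ("db-01", "exampledb ", "9"),      # messy casing/whitespace, as in real exports
    ("db-02", "ExampleDB", "12"),
    ("ws-002", "ExampleOS", "10"),
    ("ws-002", "LegacyTool", "1.4"),   # no lifecycle record on file
]
AS_OF = date(2017, 7, 1)  # constructed audit date

def _key(product, version):
    """Normalize names so inventory rows match lifecycle records."""
    return (product.strip().casefold(), version.strip().casefold())

LIFECYCLE = {_key(p, v): dates for (p, v), dates in RAW_LIFECYCLE.items()}

def classify(product, version, as_of):
    """Return (status, eol_date); status is eol, eos, supported or unknown."""
    dates = LIFECYCLE.get(_key(product, version))
    if dates is None:
        return "unknown", None
    eos, eol = dates
    if as_of > eol:
        return "eol", eol
    return ("eos" if as_of > eos else "supported"), eol

def audit(inventory, as_of, stale_years=14):
    """Summarize lifecycle status across every installation in the inventory."""
    counts, stale, unknown = Counter(), [], []
    for host, product, version in inventory:
        status, eol = classify(product, version, as_of)
        counts[status] += 1
        if status == "unknown":
            unknown.append((host, product, version))
        elif status == "eol" and (as_of - eol).days / 365.25 > stale_years:
            stale.append((host, product, version))  # EOL for over stale_years
    total = sum(counts.values())
    eol_pct = round(100 * counts["eol"] / total, 1) if total else 0.0
    return {"counts": dict(counts), "eol_pct": eol_pct,
            "stale": stale, "unknown": unknown}

if __name__ == "__main__":
    print(audit(INVENTORY, AS_OF))
```

The unknown list is the part to chase first in practice: software with no lifecycle record cannot be shown to be supported.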