News

I Wannacry over Petya

News >>

Just as our businesses avoided or got over WannaCry, the name given to the recent Ransom\ware, there's a new attack following close behind. It appears it is exploiting the same vulnerability as Wannacry. The malware responsible is widely thought to be a version of Petya. This latest  ransomware has already crippled Ukrainian government departments, banks, power distributors and transport networks. Now apparently it has spread to other high-profile victims such as a British advertising firm, a French construction materials giant and one of the largest pharmaceutical companies in the world. Australia is unlikely to avoid it this time, with Cadburys and TNT having announced they have fallen victim. the Australian staff of DLA Piper, a global law firm, has apparently been locked out of IT systems after Petya impacted one of its overseas offices.  

The ransomware continues to spread and it’s far from over. The Assistant Minister for cyber-security Dan Tehan is calling the fresh attack a "wake-up call" and the Prime Minister's cyber security advisor Alastair MacGibbon has warned against paying ransoms for Petya, urging businesses to instead back up their data to "avoid being a victim in the first place".

So it is now time for you to manage this risk effectively.


Start with technology solutions
While technology is not the only solution, it is an important component. The Australian Cyber Security Centre recommends that organisations take the following steps:

  • Update all your systems immediately, including Microsoft operating systems. Using unpatched and unsupported software increases the risk of cyber security threats such as ransomware.
  • Back-up your data. If you do not have back-ups in place you can arrange to use an off-site backup service (the Cloud). This is good practice for all users.
  • Make sure your antivirus software is up-to-date.

Policies, plans and procedures
 Make sure existing policies in relation to email and internet usage, password protection and the use of mobile devices, are up to date.  Remind all users of the risks of opening email attachments received from unknown or suspicious sources. Organisations should also revisit their cyber incident response plans in the aftermath of Petya.

What if I am impacted?
The Prime Minister's cyber security advisor and the Australian Cyber Security Centre warn that individuals and organisations should not pay the ransom. There are widespread reports that the contact email address provided in the ransom message has been disabled, which means the files are highly unlikely to be recovered by paying the ransom.

If an organisation has backed-up its critical data appropriately then it should generally be possible to restore access to the data without paying a ransom.

Take out Cyber Risk Insurance

As a last step, we recommend taking out Cyber Risk Insurance. There are many varieties of policies varying in cost and cover. There is a cost to hiring IT experts to “de-contaminate” computers and servers and get you back on line again. There is also a chance that money can be stolen, confidential files (that you have a duty to protect) accessed and a loss if income to your business can occur. All included within a policy that is covering these costs to your business. Talk to us today about such a policy and consider this for your protection..

Last changed: Jun 29 2017 at 2:16 PM

Comments

  1. None Found

Add Comment

Latest News

I Wannacry over Petya

Just as our businesses avoided or got over WannaCry, the name given to the recent Ransom\ware, there's a new attack following close behind. It appears it is exploiting the same vulnerability as Wannacry. The malware responsible is widely thought to be a version of Petya. This latest  ransomware has already crippled Ukrainian government departments, banks, power distributors and transport networks. Now apparently it has spread to other high-profile victims such as a British advertising firm, a French construction materials giant and one of the largest pharmaceutical companies in the world. Australia is unlikely to avoid it this time, with Cadburys and TNT having announced they have fallen victim. the Australian staff of DLA Piper, a global law firm, has apparently been locked out of IT systems after Petya impacted one of its overseas offices.   The ransomware continues to spread and it’s far from over. The Assistant Minister for cyber-security Dan Tehan is calling the fresh attack a "wake-up call" and the Prime Minister's cyber security advisor Alastair MacGibbon has warned against paying ransoms for Petya, urging businesses to instead back up their data to "avoid being a victim in the first place". So it is now time for you to manage this risk effectively.

read more

What cost to me after a Cyber attack?

It does very much depend on the type of attack that has been made on your systems or Web site. However, below are examples of some of the areas you will spend money. How much? How long is a piece of string?

Have you budgeted for the following Expenses in managing your Cyber Risk?

Payment of a ransom? (Maybe a cheaper solution to get your system back temporarily)

data recovery and data rebuilding (IT consultants and data recovery contractors),

Loss of reputation on the business (You will need Crisis Managers, Public Relation consultants, Staff communications, clients and other stakeholders, marketing and advertising),

Various Accountants and consultants’ fees needed to measure and prove the loss

Managing the recovery – particularly to mitigate breach of privacy or confidentiality of client information and informing all of them who are affected by a breach how you are dealing with it (mandatory breach reporting requirements)

Lost Sales due to this Business Interruption (particularly when ability to generate online sales has been affected),

additional costs incurred to maintain business operations or mitigate sales losses – hiring a more specialist firm to deal more quickly with being off air

Cover these expenses with a Cyber Risk Insurance policy. Ask us how?

read more