Do you still think that ransomware won't happen to you?
That's probably how DLA Piper, a large multinational law firm, felt before it became a victim of the latest large-scale ransomware attack at the end of June. According to Legal Week, the firm's email and phone systems have been affected and systems were entirely shut down as a precaution.
New and Improved Attack
Security experts believe this ransomware attack to be a variant of Goldeneye/Petrwrap, a member of the Petya family. Goldeneye exploits some of the same weaknesses as the WannaCry ransomware that spread rapidly in May.
Petya also uses two other methods to spread, so just having the patch for those weaknesses installed won't do the trick.
This attack encrypts and locks entire hard drives instead of simply attacking files. In addition, Petya uses two types of encryption on any computer system it infects, making it virtually impossible for security personnel to decrypt without the key.
An infected computer doesn't even boot into the operating system, but into a special Petya bootloader.
Infected Victims Out of Luck
The provider of the email service the attackers used announced that it blocked the attackers' account as soon as it became aware of its use in the ransomware attack.
As of midday on June 27th, victims of the ransomware attack have no way to contact the attackers to pay a ransom to decrypt their computers.
If there is no backup of the information available on the locked hard drive, that data will be lost forever.
Take the Necessary Precautions Now
If you become a victim of this attack, there is no recourse for recovering your files at this time. To ensure you have access to your files, be sure to take these necessary steps immediately:
- Back up your data to a system that isn't connected to your computer. You want to ensure 2 things when backing up: 1) that you back up everything you need and 2) that the backup system is not connected and trying to back up your system in the event you do get infected. If your backup runs during an infection period, you will simply back up an infection.
- Run updates on your computer system to make sure everything is patched sufficiently. While there is some debate on what this attack is exploiting, having your computer system up to date with the most current security release will go a long way toward making it harder for malicious software to spread around your office should one computer become infected.
- Do not click on anything you aren't expecting to receive without verification. If you are not expecting to receive a certain attachment from a sender, verify its authenticity before you open it. An awkward phone call or email here and there is way less embarrassing than having to notify your clients that you were a victim of a ransomware attack.
- Educate your staff regarding email protocol. Make sure everyone with access to an office computer knows the proper way to handle email attachments. Everyone's computer should have adequate antivirus software, a firewall, ad-blocking software, and email filtering software.
For a more thorough discussion of ransomware and prevention, please read our newsletter article, "The High Cost of Ransomware."
DLA Piper proves that every law firm should continue to be vigilant.
With large-scale ransomware attacks occurring more and more frequently, it is just a matter of time before a coworker or client receives an infected email.