Ransomware makes it into the Oxford English Dictionary

You know you have made it when your name becomes part of the Oxford English Dictionary. In all seriousness, this article points to the fact that ransomware has become a part of our lives and a part of our vocabulary. It is here to stay, and it is something we must prepare to battle and mitigate.


Hospital Pays $55K Ransomware Demand DESPITE Having Backups

This article is a great example of why you need to understand both your RPO (recovery point objective) AND your RTO (recovery time objective). In the event of a system outage or a ransomware attack, having your data is only half the battle. You also need the ability to restore that data in a timely manner. Timely in this situation means being able to restore data quickly enough that business functions are not impacted. The hospital in this article had the data it needed in its backups, but could not restore that data quickly enough. Backups that cannot be restored in time have no practical value, so the ransom had to be paid to keep the hospital open.

Backup/Recovery and Disaster Recovery plans need to take into account both RPO and RTO, and these goals need to be verified and tested on a regular basis. A restore that has been timed and validated in a drill is the peace of mind an organization needs and wants when an attack occurs.
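The RPO/RTO verification described above can be reduced to a simple check over the results of each restore drill. The following is an added example (not code from the article or from the hospital involved); the system names, timestamps and the 24-hour RPO / 4-hour RTO targets are constructed for illustration. It measures two things per system: how old the restored backup was when the restore began (the data loss window, compared against RPO) and how long the restore actually took (compared against RTO), and it also refuses to pass a restore whose data failed validation.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class RestoreTest:
    """Outcome of one scheduled restore drill for a single system."""
    system: str
    backup_taken: datetime       # when the backup that was restored was captured
    restore_started: datetime    # when the restore began (stand-in for "time of incident")
    restore_finished: datetime   # when the system was usable again
    integrity_ok: bool           # restored data passed checksum / application validation


@dataclass
class Verdict:
    system: str
    data_loss: timedelta         # worst-case data loss if an attack hit at restore_started
    restore_time: timedelta      # measured time to get the system back
    rpo_met: bool
    rto_met: bool
    integrity_ok: bool

    @property
    def passed(self) -> bool:
        # A backup that is fresh but slow, or fast but corrupt, is still a failed drill.
        return self.rpo_met and self.rto_met and self.integrity_ok


def evaluate_drill(test: RestoreTest, rpo: timedelta, rto: timedelta) -> Verdict:
    """Compare one drill against the RPO and RTO targets."""
    data_loss = test.restore_started - test.backup_taken
    restore_time = test.restore_finished - test.restore_started
    return Verdict(
        system=test.system,
        data_loss=data_loss,
        restore_time=restore_time,
        rpo_met=data_loss <= rpo,
        rto_met=restore_time <= rto,
        integrity_ok=test.integrity_ok,
    )


def failing_systems(tests, rpo: timedelta, rto: timedelta):
    """Names of systems whose drill missed RPO, missed RTO, or restored bad data."""
    return [v.system for v in (evaluate_drill(t, rpo, rto) for t in tests) if not v.passed]


# Constructed drill results (hypothetical systems and timings, not from the article).
DRILLS = [
    # Fresh backup, but the restore took over three days: the article's scenario.
    RestoreTest("patient-records-db",
                datetime(2018, 1, 14, 23, 0), datetime(2018, 1, 15, 8, 0),
                datetime(2018, 1, 18, 14, 0), True),
    # Fresh backup restored in 2.5 hours with valid data: passes.
    RestoreTest("scheduling",
                datetime(2018, 1, 15, 6, 0), datetime(2018, 1, 15, 8, 0),
                datetime(2018, 1, 15, 10, 30), True),
    # Backup is 54 hours old and failed validation, even though the restore itself was quick.
    RestoreTest("imaging-archive",
                datetime(2018, 1, 13, 2, 0), datetime(2018, 1, 15, 8, 0),
                datetime(2018, 1, 15, 11, 0), False),
]
RPO = timedelta(hours=24)   # constructed target: lose no more than one day of data
RTO = timedelta(hours=4)    # constructed target: back in service within four hours


def report(tests=DRILLS, rpo=RPO, rto=RTO):
    """Print a pass/fail line per system and return the verdicts for further use."""
    verdicts = [evaluate_drill(t, rpo, rto) for t in tests]
    for v in verdicts:
        status = "PASS" if v.passed else "FAIL"
        integrity = "ok" if v.integrity_ok else "FAILED"
        print(f"{status} {v.system}: data loss {v.data_loss}, "
              f"restore {v.restore_time}, integrity {integrity}")
    return verdicts


if __name__ == "__main__":
    report()
```

Running the block flags `patient-records-db` (RTO missed despite a fresh backup) and `imaging-archive` (RPO missed and data invalid); only `scheduling` passes. The point of keeping the integrity flag separate is that a restore which finishes inside the RTO but produces unusable data should never count as a successful drill.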


New, Crippling Waves of Ransomware Spread In Russia, Ukraine

Yet another significant ransomware outbreak hit Russia, eastern Europe, and parts of western Europe today. BadRabbit appears to be a new variant of the Petya/NotPetya family, and it spreads across local networks by attempting to log on to other systems with a built-in list of common usernames and notoriously weak passwords. It encrypts files as well as the master boot record of the infected machine, and it appears to present itself as a Flash Player update. This story continues to develop, so be alert and monitor your environments closely over the next 24 to 48 hours.
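The spreading behaviour described above leaves a recognisable trace on the defender's side: one source host failing logons against several different machines in quick succession, cycling through a handful of account names, sometimes followed by a success. The following is an added example, not code from the article or from any vendor's product, that runs such a check over a few constructed authentication records. The `host=... src=... user=... result=...` line format, the host names, addresses and account names are all invented for the example; the usernames are generic placeholders and are not a claim about the list BadRabbit carries.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records in a simple key=value form (not a real product's log format).
SAMPLE_LOG = """\
2017-10-24T14:02:11 host=ws-17 src=10.0.5.23 user=administrator result=failure
2017-10-24T14:02:12 host=ws-17 src=10.0.5.23 user=admin result=failure
2017-10-24T14:02:14 host=fs-01 src=10.0.5.23 user=administrator result=failure
2017-10-24T14:02:15 host=fs-01 src=10.0.5.23 user=backup result=failure
2017-10-24T14:02:17 host=ws-22 src=10.0.5.23 user=administrator result=failure
2017-10-24T14:02:19 host=ws-22 src=10.0.5.23 user=admin result=success
2017-10-24T14:05:40 host=ws-09 src=10.0.7.4 user=jsmith result=failure
2017-10-24T14:05:52 host=ws-09 src=10.0.7.4 user=jsmith result=success
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse(log_text):
    """Turn the key=value lines into dicts with a datetime timestamp; skip malformed lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.fromisoformat(d["ts"])
        events.append(d)
    return events


def detect_spray(events, window=timedelta(minutes=5), min_hosts=3, min_users=2):
    """Flag a source that, inside `window`, fails logons on at least `min_hosts`
    distinct hosts using at least `min_users` distinct account names.
    A success from the same source after those failures is recorded, since that
    is the moment a weak password actually let the worm onto a new machine."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        # Slide a window over this source's events, starting at each event in turn.
        for i, start in enumerate(evs):
            hosts, users, success_after = set(), set(), False
            for e in evs[i:]:
                if e["ts"] - start["ts"] > window:
                    break
                if e["result"] == "failure":
                    hosts.add(e["host"])
                    users.add(e["user"])
                elif hosts:
                    # A success once failures have already been seen in this window.
                    success_after = True
            if len(hosts) >= min_hosts and len(users) >= min_users:
                alerts.append({
                    "src": src,
                    "hosts": sorted(hosts),
                    "users": sorted(users),
                    "success_after_failures": success_after,
                })
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    for a in detect_spray(parse(SAMPLE_LOG)):
        print(f"ALERT {a['src']} tried {a['users']} on {a['hosts']}; "
              f"later success: {a['success_after_failures']}")
```

On the sample, `10.0.5.23` is flagged (three hosts, three account names, then a success on `ws-22`), while `10.0.7.4` is not: one user mistyping a password on one machine is exactly the noise the host and user thresholds are there to ignore. The thresholds and window are starting points to tune against your own logon volume.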

Petya Ransomware Outbreak Originated in Ukraine via Tainted Accounting Software

Here are two different articles with two very different conclusions as to the severity of the Petya/NotPetya outbreak that began yesterday. One common thread is that all sources agree on the root cause and distribution method: a compromised software update. It is very scary to consider the implications of a compromised, yet trusted, software vendor and the update processes that take place every day from and with these vendors.

From this author's perspective, I tend to see this outbreak as less devastating than WannaCry simply because of the lack of an active Internet worm component. It is certainly more harmful in any given LAN that it infects, but the number of potential LANs to be infected is limited.