You know you have made it when your name becomes part of the Oxford English Dictionary. In all seriousness, this article truly points to the fact that ransomware has become a part of our lives and a part of our vocabulary. It is here to stay and something we must prepare to battle and mitigate.
This article is a great example of needing to understand both your RPO (recovery point objective) AND your RTO (recovery time objective). In the event of a system outage or a ransomware attack, having your data is only half the battle. You also need the ability to restore that data in a timely manner. Timely in this situation means restoring data quickly enough that business functions are not impacted. The hospital in this article had the data they needed in their backups, but could not restore the data quickly enough. The data had no practical value, so the ransom had to be paid to keep the hospital open.
Backup/Recovery and Disaster Recovery plans need to take into account both RPO and RTO, and these goals need to be verified and tested on a regular basis. Testing gives the peace of mind an organization needs and wants when an attack occurs.
Yet another significant ransomware outbreak hit Russia, eastern Europe, and parts of western Europe today. BadRabbit appears to be a new variant of the Petya/NotPetya variety, and is spreading through local networks attempting to compromise systems using embedded known usernames and notoriously weak passwords. Files are encrypted as well as the master boot record of the infected machine. It appears to present itself as a Flash Player update. This story continues to develop, so beware and monitor your environments closely over the next 24 to 48 hours.
This is yet another great example of the cost of a compromise, and more specifically, the cost of a serious ransomware infection. Hopefully, this article will cause readers to pause and reconsider how organizations can and should approach these threats.
Details surrounding this cyberattack are scarce and the severity is largely unknown, though initial information points to a large, very serious attack. More details to come as they become available. Be cautious and spread the word!
This is a great article referencing another article that articulates the pitfalls of assuming “because I have a backup, I do not need to fear ransomware”. It is well worth a read and a subsequent review of your backup strategy.
Please be aware of these threats, notify your employees, and train on how to spot these malicious messages.
This is topical and well worth a look.
Here are two different articles with two very different conclusions as to the severity of the Petya / NotPetya outbreak that began yesterday. One common thread is that all sources agree on the root cause / distribution method. It is very scary to consider the implications of a compromised, yet trusted software vendor and the update processes that take place every day from and with these vendors.
From this author’s perspective, I tend to see this outbreak as less devastating than WannaCry simply because of the lack of an active Internet worm component. It is certainly more harmful in any given LAN that it infects, but the number of potential LANs to be infected is limited.
Here is some additional info concerning the latest global ransomware attack making the rounds through Europe and other parts of the world today. As always, please verify your backups and patch, patch, patch!!