A massive new global cyber-attack has struck with a similar reach to the WannaCry ransomware attack that infected more than 300,000 computers worldwide last month. The latest attack was initially thought to be a strain of the Petya ransomware virus which hit last year; however, it has now emerged that it is in fact a totally different strain which borrows some of the same code from Petya. The latest ransomware attack is therefore now being referred to as Not Petya, SortaPetya or Petna. It also includes code known as “Eternal Blue”, which is widely believed to have been stolen from the US National Security Agency (NSA) and was also used in last month’s WannaCry ransomware attack.
WannaCry is a crypto-ransomware that is also called WannaCrypt. It encrypts data files, appending .WCRY to the end of the file name, and asks users to pay a US$300 ransom in bitcoins. According to the ransom note, the payment amount will be doubled if the ransom isn’t paid within 3 days and the files will be deleted after 7 days if the payment is not made. WannaCry is not just a ransomware program; it is also a worm that gets into your computer and looks for other computers to try and spread itself as far and wide as possible. This variant of ransomware first emerged on Friday May 12th and affected over 200,000 users across 150 countries including many large organisations such as the NHS, Nissan, Hitachi, Renault, Telefonica, FedEx and Germany's rail network Deutsche Bahn.
Several of Microsoft’s online services suffered outages yesterday for several hours across the UK, Europe and the US. According to the official website, the services which were impacted included Outlook.com, Office 365, Xbox Live gaming and Skype.
According to a new report on the rise of ransomware, many SMEs are aware of the threat of ransomware. In fact, 66% of respondents surveyed said that they believe the threat of ransomware is very serious and a further 68% admitted that their company was vulnerable to ransomware attacks. More worryingly, the awareness of the threat of ransomware is not translating into action, as half of the organisations surveyed think that they are too small to be targeted.
Microsoft have altered the behaviour of the Exchange Frontend Transport service on Exchange 2013 and 2016 so that it no longer rejects invalid recipients immediately after they are specified. Instead, the rejection is performed after the DATA command has been issued. This breaks Dynamic Recipient Verification in some third-party systems. To work around this, access must be given to the Default Hub Transport connector, which is still SMTP compliant and rejects invalid recipients as soon as they are specified using the RCPT TO command. By default, the Default Hub Transport connector is accessed on port 2525.
See below our 7 steps on how to enable Mailbox Recipient Verification to ensure your Exchange environment is not accepting emails to mailboxes that do not exist.
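To confirm which behaviour a given connector shows, the added Python example below (not part of the original post or of any Microsoft tooling) sends one deliberately invalid recipient and reports whether the refusal arrives at RCPT TO or only after DATA. The host, port and both addresses are supplied by the operator and are assumptions of this example.

```python
import smtplib
import sys


def rejection_stage(smtp, sender, probe_rcpt):
    """Classify where a connector refuses a deliberately invalid recipient.

    `smtp` is a connected smtplib.SMTP (or any object with the same
    mail/rcpt/data methods). Returns "RCPT", "DATA", "TEMPFAIL" or "ACCEPTED".
    """
    code, _ = smtp.mail(sender)
    if code >= 400:
        raise RuntimeError(f"MAIL FROM refused with {code}")
    code, _ = smtp.rcpt(probe_rcpt)
    if code >= 500:
        return "RCPT"      # refused at RCPT TO: recipient verification can work
    if code >= 400:
        return "TEMPFAIL"  # greylisting or throttling: result is inconclusive
    try:
        # RCPT TO was accepted, so check whether refusal only comes after DATA.
        code, _ = smtp.data(b"Subject: recipient verification probe\r\n\r\nprobe\r\n")
    except smtplib.SMTPDataError:
        return "DATA"      # refused in the reply to the DATA command itself
    # "ACCEPTED" means the server queued mail for a mailbox that does not exist.
    return "DATA" if code >= 500 else "ACCEPTED"


def probe_connector(host, port, sender, probe_rcpt, timeout=10):
    """Open a connection to one receive connector and classify its behaviour."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return rejection_stage(smtp, sender, probe_rcpt)


if __name__ == "__main__":
    # Usage: script.py <host> <port> <sender> <address-known-not-to-exist>
    host, port, sender, probe_rcpt = sys.argv[1:5]
    print(probe_connector(host, int(port), sender, probe_rcpt))
```

Run it once against the frontend connector and once against port 2525 from the filtering system's IP address; only a connector that returns "RCPT" is usable for Dynamic Recipient Verification.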
Doxware is the latest variant of ransomware and it is the most terrifying form of malware we have come across to date. Doxxing is the online practice of researching and broadcasting identifiable information (e.g. name, address, telephone number, social security number, etc.) of individuals or organisations. When Doxxing and ransomware are combined, this lethal combination is referred to as Doxware.
Not only will Doxware encrypt the victim's files, it also collects their personal files, uploads these files to a server and threatens to make these files publicly available if the ransom fee is not paid within a short time frame. More worryingly, the cyber criminals may have permanent access to your personal data and can demand a ransom more than once. Even if you do give in to blackmail, there is no guarantee that the files they have copied will be deleted.
The latest Microsoft Office 365 outage caused emails to pile up in the outboxes of business customers in the US just as they were preparing for the 4th of July bank holiday weekend. Last Thursday users began to flood Twitter with complaints after noticing that their incoming emails had slowed and their outgoing emails were starting to gather in their outbox, stating that their online Exchange and Outlook services were unresponsive.
Spending time showing employees the common traits of fraudulent messages (incorrect logos, dodgy sender addresses, third-party links, zip attachments) will help them better understand what they need to avoid. And once they know what they are looking for, it becomes much easier for them to manage their own mailbox security.
Show workers how to hover their mouse over links, check the sender’s address and manually scan emails for malware. Anything that looks suspicious needs to be double-checked or deleted immediately.
Corporate data is one of your most valuable assets in the information-driven economy, and there are always criminals out to steal it. Unfortunately the threat is not always from outside the business; industrial espionage is a real and present danger.