GoldenEye Data Deletion Disaster

Wed, 07/05/2017 - 10:39

Last week saw another large-scale cyber-attack infecting networks across the globe, halting operations and causing havoc for those affected. The Petya ransomware strain called GoldenEye, like attacks before it, was designed to move quickly, infecting machines via network shares and spreading via email.

A vaccine for the infection

Although the attack was widespread (it reportedly started in Ukraine and is known to have infected machines in Australia, Russia and the UK), a vaccine was found relatively quickly. In less than 24 hours, security experts had discovered a simple solution that would give a single computer immunity from the infection.

‘By creating a read-only file named perfc and placing it within a computer’s C:\Windows folder the attack will be stopped in its tracks’

The ‘perfc’ vaccine has been able to stop single machines from becoming infected but does not, however, stop the infection from spreading via a machine that may have otherwise been infected. For many, the solution is even simpler than this, as running the most up-to-date versions of Windows is enough to stop the infection from taking hold. With cyber-security such a newsworthy and high-profile area, it is no wonder Windows (among others) is regularly patching software, old and new, to protect against exploitative attacks.
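The vaccine described above can be audited or applied per machine with a short script. This PowerShell function is an added example, not part of the original article; the name `Test-PerfcVaccine` and its parameters are hypothetical, and creating the file requires an elevated session.

```powershell
# Added example: report on, or create, the read-only 'perfc' marker file.
# Function and parameter names are hypothetical (not from the article).
function Test-PerfcVaccine {
    [CmdletBinding()]
    param(
        # Default location is the Windows folder named in the article.
        [string]$Path = (Join-Path $env:windir 'perfc'),
        # Without -Apply the function only reports and changes nothing.
        [switch]$Apply
    )

    # -Force also finds the file if it has been marked hidden or system.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue

    if (-not $item -and $Apply) {
        # Create an empty file; fails with an error if not elevated.
        $item = New-Item -ItemType File -Path $Path -ErrorAction Stop
    }

    if ($item -and $item.PSIsContainer) {
        # A directory of the same name is not the file the article describes.
        throw "$Path exists but is a directory, not a file."
    }

    if ($item -and -not $item.IsReadOnly -and $Apply) {
        # An existing writable file is only half the mitigation: mark it read-only.
        $item.IsReadOnly = $true
        $item.Refresh()
    }

    # One object per machine, suitable for collecting across a fleet.
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $Path
        Exists   = [bool]$item
        ReadOnly = [bool]($item -and $item.IsReadOnly)
    }
}

# Report only; add -Apply to create the file and set the read-only attribute.
Test-PerfcVaccine
```

A machine that reports `Exists` and `ReadOnly` as true carries the marker, but as the article notes this protects only that machine and does not replace keeping Windows up to date.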

Since the attack, experts have been analysing the strain of ransomware and the way in which it attacked. Unlike attacks before it, GoldenEye had no way to generate a usable key to decrypt data. This means that even if those hit by the attack paid the ransom, data could not be returned to them. The email account associated with the payment of ransoms was suspended on location by German hosting company Posteo, and they have been working with police to try to identify who may be behind the attacks.

Disruption or payday?

The WannaCry ransomware attacks several months ago were fast-moving and, given the number of machines infected, were quite clearly an attempt by hackers to line their pockets. Notable ransoms have seen victims paying up to $1 million for the safe return of their data, so there is always a case to be argued for the financial motivations behind an attack.

Professor Alan Woodward of the University of Surrey and the Centre for Cyber-security has stated that he believes this attack was not intended to be a bumper payday for those behind it but rather a disruptive attack.

“This looks like a sophisticated attack aimed at generating chaos, not money.”

There are signs that support this view. One is the ease with which the payment system (email) was shut down following the attack, and despite there being almost $10,000 in bitcoin payments, these appear not to have been claimed by the hackers. The lack of a recovery key also points towards this: if this were a genuine attempt to extort money from victims, it is likely that the ransomware aspect of the attack would be a complete process.

The attack, which reportedly hit organizations in over 60 countries, was able to cause major disruption, and it is now thought that the ransomware aspect was designed to bring media coverage. With cyber-criminals willing to cause such damage with no financial gain, it begs the question: why? It should also act as a warning against further attacks that will surely follow.

Don’t be a data loser

Cyber-security must be a top priority for all, organizations and individual users of technology alike, and education on best practice around technology is vital. For businesses, the financial ransoms of these kinds of attack may not be the only monetary aspect to worry about. Industry standards require organizations to take ‘organizational and technical measures’ to reduce the threat of attack. If these measures are not taken and a data breach such as ransomware occurs, organizations can become liable for fines imposed by data protection authorities such as the Information Commissioner’s Office (ICO) in the UK.

Under the upcoming General Data Protection Regulation (GDPR), organizations will be liable for monetary fines and penalties up to the value of €20 million or 4% of global revenue. This will apply to all businesses holding data on or transacting with European citizens and organizations.
