
GoldenEye Data Deletion Disaster

Redstor posted in Ransomware recovery | 5 Jul 2017

Last week saw another large-scale cyber-attack infecting networks across the globe, halting operations and causing havoc for those affected. The Petya ransomware strain known as GoldenEye was, like attacks before it, designed to move quickly, infecting machines via network shares and spreading via email.

A vaccine for the infection

The attack was widespread: it reportedly started in Ukraine and is known to have infected machines in Australia, Russia and the UK. Nevertheless, a vaccine was found relatively quickly. In less than 24 hours security researchers had discovered a simple measure that gives a single computer immunity from the infection.

‘By creating a read-only file named perfc and placing it within a computer’s C:\Windows folder the attack will be stopped in its tracks’

The ‘perfc’ vaccine stops an individual machine from being infected, but it protects only the machine on which the file is placed; it does nothing to halt the worm spreading across the rest of the network, so it is no substitute for patching. For many the fix is simpler still: a Windows installation that is fully up to date is protected against the SMB vulnerability the worm exploits to reach new machines. One caveat is worth stating plainly: the worm also spread using stolen administrator credentials and legitimate remote-administration tools, so even patched machines sharing a network with an infected host were at risk, and patching reduces exposure rather than removing it. With cyber-security such a newsworthy and high-profile area, it is no wonder Microsoft (among others) regularly patches software, old and new, to protect against exploitation.
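The vaccine as a script, added here as an illustration and not taken from the original post or from any vendor tool: it creates the empty, extension-less perfc file in the Windows directory and marks it read-only, then checks that both conditions hold. The file name and location are the ones the researchers published; the function names and the verification step are this example's own.

```powershell
# Added example (not from the original post): apply and verify the 'perfc'
# vaccine on a single Windows host. Run from an elevated PowerShell prompt,
# since writing to the Windows directory requires administrator rights.
# $env:SystemRoot is normally C:\Windows, the location named in the article.

$vaccinePath = Join-Path $env:SystemRoot 'perfc'

function Install-PerfcVaccine {
    param([string]$Path = $vaccinePath)

    if (-not (Test-Path -LiteralPath $Path)) {
        # An empty file named exactly 'perfc' with no extension is all that is needed.
        New-Item -ItemType File -Path $Path -Force | Out-Null
    }
    # Mark it read-only so the malware cannot simply replace it with its own DLL.
    Set-ItemProperty -LiteralPath $Path -Name IsReadOnly -Value $true
}

function Test-PerfcVaccine {
    param([string]$Path = $vaccinePath)

    # Both conditions must hold: the file exists and it carries the read-only attribute.
    if (-not (Test-Path -LiteralPath $Path)) { return $false }
    $item = Get-Item -LiteralPath $Path -Force
    return [bool]$item.IsReadOnly
}

Install-PerfcVaccine
if (Test-PerfcVaccine) {
    Write-Output "perfc vaccine present and read-only at $vaccinePath"
} else {
    Write-Output "perfc vaccine NOT applied at $vaccinePath"
}
```

Run the same two functions across a fleet with Invoke-Command or a startup script if you need to cover many hosts quickly; remember that the file only protects the host it sits on, so it buys time for patching rather than replacing it.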

Since the attack, experts have been analysing the strain of ransomware and the way in which it attacked. Unlike attacks before it, GoldenEye gave its operators no way to generate a usable decryption key for any given victim. This means that even those who paid the ransom could not get their data back. The email account used to handle ransom payments was suspended by its German hosting provider, Posteo, which has been working with police to try to identify who is behind the attacks.

Disruption or payday?

The WannaCry ransomware attacks two months earlier were fast moving and, given the number of machines infected, quite clearly an attempt by the attackers to line their pockets. Notable ransoms have seen victims paying up to $1 million for the safe return of their data, so there is always a case to be argued for a financial motivation behind an attack.

Professor Alan Woodward of the University of Surrey's Centre for Cyber Security has stated that he believes this attack was intended not as a bumper payday for those behind it but as a disruptive attack.

“This looks like a sophisticated attack aimed at generating chaos, not money.”

There are signs that firmly support this view. One is the ease with which the payment channel (a single email address) was shut down following the attack; another is that, despite almost $10,000 in bitcoin payments being made, the funds appear not to have been collected by the attackers. The lack of a recovery key also points this way: a genuine attempt to extort money from victims would need a working decryption process, or victims would quickly stop paying.

The attack, which reportedly hit organizations in over 60 countries, caused major disruption, and it is now thought that the ransomware element was designed to attract media coverage. That cyber-criminals are willing to cause such damage with no financial gain begs the question: why? It should also act as a warning, as further attacks will surely follow.

Don’t be a data loser

Cyber-security must be a top priority for all, organizations and individual users of technology alike, and education on best practice around technology is vital. For businesses, the ransom itself may not be the only financial cost of this kind of attack. Data protection law requires organizations to take ‘appropriate technical and organizational measures’ to protect personal data; if those measures are not taken and a breach such as a ransomware infection occurs, organizations can be liable for fines imposed by data protection authorities such as the Information Commissioner’s Office (ICO) in the UK.

Under the upcoming General Data Protection Regulation (GDPR), organizations will be liable for fines of up to €20 million or 4% of global annual turnover, whichever is higher. This will apply to any organization, wherever it is based, that processes the personal data of individuals in the EU.
