Overview
A cyber-attack utilising ransomware similar to the Wanna-Cry attack on NHS facilities seen on the 12th of May was launched last night. The targets this time have included Russian oil producer Rosneft, DLA Piper, one of the largest law firms in the world and Danish shipping company Maersk. The affected systems include email and phone systems; other systems worldwide have been locked down to avoid being compromised. It is believed that the delivery method this time was a USB – although this remains an unconfirmed rumour.
Summary
Experts from Cisco’s Talos intelligence unit said it believed the attack may have been carried out by exploiting vulnerable accounting software. “We believe it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc.”
The now-prevailing theory that this was a politically motivated attack on Ukraine, as the country is set to celebrate its Constitution Day. “This looks like a sophisticated attack aimed at generating chaos, not money,” stated Prof Woodward, Professor of Computer Science at the University of Surrey.
IT specialists are suggesting that the low ransom amount -$300- is not designed to actually extort money for profits. The attack is speculated to be a diversion or front for causing wider disruption or making a political statement.
KCS would advise all firms to review their own security procedures in light of this second serious ransomware attack and consider how to protect their interior through improved staff training, testing and education, just as seriously as the defence of their perimeter.