This week’s attack on Europe’s computer networks marked the beginning of a sinister all-out war on business data with no chance of recovery, according to one of Ireland’s top cyber security experts.
The payment system associated with the GoldenEye ransomware attack was shut down within hours, meaning that no infected business can recover its data, according to cyber security expert James Canty, of Magnet Networks.
“For the first time we are seeing an attack that is not about gain, but criminal destruction of data and bringing networks to a halt,” said Canty.
“This latest cyber attack has all the appearances of ‘normal’ ransomware, with significant difference.
Mr Canty went on: “This attack is much more about destroying files and information than making money and only $12,000 has been paid in ransom so far.
“If a business owner uses an online portal to process their payroll, and their network is compromised by the Golden Ransomware attack, all their payroll records are held to ransom until they click on the link and pay the $300.
“In previous ransomware attacks they would simply pay the money, get their files back, process their payroll and continue on with their business.
“However, the GoldenEye ransomware attack was designed to destruct and destroy, and the payment mechanism included was disabled within hours.
“Even if they wanted to pay to rescue their business files, they can’t – all the compromised data is gone.
James Canty of James Canty of Magnet Networks
The cyber secuity expert suggested that while most ransomware attacks are for monetary gain, there are more sinister reasons for launching a GoldenEye-like attack – wiping information.
“Cyber crime is only going to get worse. Right now these attacks are making headlines but this happens at a business level every day.
“Unfortunately, we are finding that just because you have a box in the corner that the IT department calls a firewall doesn’t mean you are protected.
“Software patches and security updates are what make traditional anti-virus solutions ineffective as they are constantly playing catch up, leaving unsecure software vulnerable to attack.
Mr Canty said companies need to have a next generation application-aware firewall along with advanced endpoint protection and local real-time analysis on each machine.
“No business using this system, which Magnet Networks employ, would have been affected in any way by the recent cyber attack.
“Nearly all computers or devices with an unsecured internet connection are potentially victims of ransomware, which is a more urgent concern with the rise of the internet of things (IoT) and the proliferation of additional devices, such as wearable tech and home appliances.
“Ransomware acts quickly and it is imperative that businesses act and deploy zero-day protections and controls that mitigate or prevent attack.
“Education and awareness are key as most attacks are triggered by unsuspecting individuals opening either exe files or documents, which can look quite convincing.
“These have no known signatures or behaviours so that most existing enterprise security systems must allow the malware to run, so they can then recognise them and are effectively playing catch ups with cyber criminals.
“There are certain stages that malware must go through in able to function, and businesses need to employ real time protection that can identify, isolate and educate on each new piece of malware as it happens.
Mr Canty also said business owners also need to ask if their IT departments can provide reports showing all the activity on the network, on the basis that if you don’t know what is coming in and out of the business, then how can you protect yourself?
“If needed, system administrators should be able to see a report detailing all activity on a per user basis across the network.
“Businesses should also look at reviewing their network drive permissions to minimise the impact a single user can have, and ensure that administrators are assigned separate normal restricted accounts separate from their highly privileged accounts.”