Petya Ransomware Attack Spreads, Highlighting Growing Risk to Consumers


A new ransomware attack began spreading around the globe on Tuesday, hitting a variety of targets and serving as a reminder that consumers should be taking basic steps to protect the information they store on their computers.

Security experts say that this form of malware, which locks up computer files using encryption and demands a ransom in order to unlock them, exploits vulnerabilities in Windows computers that haven't had the latest software updates. It appears to be spreading through spam and so-called spear phishing e-mails that seem to come from a trusted source.

The attack, which began in Europe and spread to the U.S., has been affecting everything from airports and other infrastructure in Ukraine to pharmaceutical giant Merck & Co.

This is the second large-scale ransomware incident in the past two months. In May, a form of malware called WannaCry crippled computer systems in the UK’s National Health Service, along with targets ranging from one of Spain’s largest telecommunications providers to universities in China.

“What happened with WannaCry about a month ago, was that it gave cyber criminals a playbook as to how to unleash a global cyber attack,” says Gary Davis, chief consumer security evangelist for McAfee, which provides anti-virus and other IT security services for both consumers and businesses.

Security experts remain uncertain about some technical details of the attack, but it is widely believed to employ a variant of the malware called Petya, and to take advantage of the same Windows computer vulnerability exploited by WannaCry. However, the distinctions among ransomware variants make little difference to consumers and other potential victims.

Security researchers warn that consumers will continue to be a primary target for ransomware attacks. The most vulnerable devices are older Windows computers, but Mac computers and Android phones are increasingly attractive to hackers. In the future, smart devices from modern cars to expensive internet-connected televisions could also face risks from ransomware.

According to a recent study by Malwarebytes, a cybersecurity company that specializes in anti-malware software, ransomware accounted for more than half of the malware it detected through its monitoring of Windows systems during the first three months of this year.

“It’s an easy way, especially for criminals who aren’t technically experienced, to quickly make some money,” Adam Kujawa, director of Malwarebytes Labs, says. “There are vastly more cyber criminals out there now than there were three to four years ago, because of ransomware.”

For would-be ransomware entrepreneurs, few technical skills are required. Ransomware “kits” are sold online fairly cheaply, Kujawa says. To spread the malware, a criminal can rent a botnet, a group of computers running malware that links them together in a network without the knowledge of their owners.

How to Stay Safe

When ransomware attacks an individual consumer, everything from tax records to priceless baby pictures is at risk.

Ziv Mador, vice president of security research for the cybersecurity firm Trustwave, is among several security professionals who say the ransomware used in recent attacks can easily lock up consumer computers if they’re not running up-to-date software. Many victims of the previous attack were running the Windows 7 operating system, which was introduced in 2009.

“We hear mostly about affected businesses because the impact on them is much larger,” Mador says. Additionally, once any sort of malware infects a large network, it can spread quickly, creating a crisis.

The good news for consumers is that it’s relatively easy to protect yourself from ransomware—if you begin before you’re hacked. The first line of defense is to back up your data frequently to an external hard drive or a cloud service. Do that, and a ransomware attack is reduced from a crisis to a nuisance, costing you nothing more than the time it takes to restore your data from the backup.

“If you don’t back up, you’re in a bad position,” Davis warns. “It’s really important at this point. Cyber criminals don’t care if they’re getting their Bitcoin from a big corporation or a consumer.”

The other key preventative measure? Installing the free updates to your computer’s operating system. Malware often exploits vulnerabilities in older versions of the software that have been patched with the latest updates. Anyone with a Windows computer who installed security patches issued this spring should be immune to the current ransomware crisis, experts agree.

“Make sure that your antivirus software is up to date and be careful what you click on,” Davis adds.

If your computer is infected and you haven't backed up your data, you may be stuck judging whether or not to pay the ransom. Symantec’s Norton Cyber Security Insights group found that about 34 percent of approximately 1,000 ransomware victims they surveyed across the world did just that. In the United States, the number who paid was 64 percent.

But this doesn’t always work. “There’s no guarantee you’re going to get your files back,” Russell Vines, Consumer Reports’ director of information security, says. In the Symantec survey, only 47 percent of victims who paid a ransom reported having their files restored.

Besides, says Vines, paying a ransom could make the problem worse: “Don't reward cyber crime,” he urges.

Phones and Macs: The Next Targets?

Windows computers are the primary targets of the current attack, but other devices are increasingly vulnerable, experts say.

Historically, Macs had not been a target of hackers, but the Malwarebytes study notes that the second-ever Mac-focused ransomware—discovered by the European cybersecurity firm ESET and known as FindZip—surfaced this past winter. The ransomware spreads through video-piracy sites and encrypts a victim’s files. According to Malwarebytes, this form of ransomware doesn’t give attackers any way to restore a victim’s files if they do decide to pay.

Apple computers were previously hit by ransomware dubbed KeRanger, which surfaced in March 2016. That malware, which demanded payment of 1 Bitcoin, was signed with a valid Mac developer ID, helping KeRanger bypass security measures built into the Mac operating system. Apple has since revoked the developer ID used by KeRanger.

Smartphones are a growing ransomware target, and for many people, a particularly sensitive one. A typical smartphone not only stores hundreds of photos, but also important data ranging from passwords for banking, shopping, and social media accounts to e-mail archives and phone contacts.

“Mobile is the ultimate target,” Malwarebytes’ Kujawa says. “They’d love to ransom our phones, but it’s hard to do.” While ransomware attacks against Android devices are on the rise, he says they’re limited by the fact that they have to rely on people visiting dodgy websites, clicking on links in bad emails or downloading potentially dangerous apps from third-party app stores.

Kujawa says Google has recently increased its focus on keeping bad apps out of the Google Play Store.

However, hackers aren’t giving up. The Jisut strain, which surfaced in 2014 and targets Android devices, is spreading, with “tens of thousands” of new samples being released into the wild, according to Malwarebytes. Last fall, security researchers in California found a kind of ransomware they dubbed Charger, which was built into an app in the Google Play store.

Is IoT next?

With an ever-growing list of consumer devices ranging from lightbulbs to TVs now connected to the internet, some security experts wonder if these devices, which often come with little in the way of baked-in security, will become the next targets for ransomers.

Conventional ransomware directed at computers is about locking up files, denying a victim access to precious documents and photos. In contrast, ransomware focused on IoT would seek to disable the device, potentially turning your connected car or smart TV into a very large, and expensive, paperweight.

“Since we expect these devices to become a lot more popular in the coming years, we probably have a real problem here just around the corner,” says Trustwave's Mador.

Candid Wueest, a Symantec threat researcher, proved how easily so-called “internet of things” devices could be hit with ransomware by intentionally infecting his own TV with a known malicious Android app. The TV displayed the dreaded lock screen almost immediately and became unusable.

The TV’s manufacturer wasn’t able to help, but Wueest was ultimately able to remove the ransomware and unlock the TV himself.

Despite that experience, Wueest says he doesn’t expect the ransoming of “smart” household items to take off anytime soon. One simple stumbling block is that many devices don’t have screens—and ransomware depends on attackers having a way to communicate with their victims. Besides, he says, a lot of connected devices are relatively inexpensive, and consumers could just throw out an infected gadget and buy a new one.

While ransoming a pricey TV or connected car might work, doing the same thing to $50 lightbulbs probably wouldn’t.

“Ransomware will play a part for IoT, but not the same part we’re seeing at the moment for Windows machines or Linux machines,” Wueest said in an interview at the RSA security conference in February. “It’s just simpler, for the moment, to attack a company, or just the average Joe’s computer at home.”

For now, security experts agree that consumers should focus on safeguarding the most common ransomware targets, their computers and smartphones.




Copyright © 2006-2017 Consumer Reports, Inc.