As ransomware cyberattacks spread across the globe yet again, here are five facts about today's attacks that MSSPs (managed security services providers) should keep in mind.
1. Ransomware Name: Most pundits are referring to the attacks as a Petya variant, with some also mentioning Goldeneye. Sources: Multiple.
2. How It Works: The attack is complex and infiltrating from several vectors, one of which is a fake Microsoft Digital Certificate that ultimately clears the Windows event log before shutting down the machine and encrypting its files. Source: VIPRE Security.
3. First Attack: ESET said the first known infection occurred early on June 27, through a Ukrainian software company called MeDoc. MeDoc denied that its program was the initial infection point. Source: The New York Times.
4. Total Victims: Kaspersky Lab says about 2,000 computer systems have been impacted so far, but we're checking to see if that statement involves individual computers or individual companies/organizations. Source: Kaspersky Lab
5. Company Victims: Merck, along with companies in France and Russia, among other regions. Sources: Multiple.
6. Security Safeguards: Several security software and cloud companies say their tools safeguard customers from today's attacks. Here's a sampling of statements and views from multiple technology companies. Sources: Multiple.
Keep checking MSSP Alert's home page for more updates.
