Think Fast: Nyetya is here
New Ransomware Variant Surges
Update [Wednesday, July 5, 2017]: Cisco Talos’ investigation found a supply chain-focused attack at M.E.Doc software that delivered a destructive payload disguised as ransomware. In terms of the initial infection vector, the malicious actor was able to load backdoors into three M.E.Doc software updates. See the Talos blog for details.
WannaCry just faded from the headlines. But ransomware has surged into the news again with a new malware variant that we have named Nyetya, wreaking havoc in networks globally.
What does this mean? It means attackers don’t rest – but rather they innovate. They evolve. Of course we must too.
Nyetya is nasty because it encrypts the master boot record (like a table of contents for a hard drive) of a computer. Not good. Once it enters a system, it uses three ways to spread automatically in a network, one of which is the known EternalBlue vulnerability, which WannaCry used as well. Also bad.
Some infections may even be associated with a familiar tax accounting software package, used to get a foot in the door when initially infecting networks.
For a world-class, in-depth analysis on Nyetya, see our blog by Talos, Cisco Security’s threat intelligence team, covering how the ransomware operates and what security protections will keep you safe against it.
Please view our webinar, available on demand, to hear the latest on the attack. "Nyetya. Global Ransomware Attack. What you want to know."
We’ve seen ransomware makers innovate in order to do damage any way they can in the past few years. Phishing emails? Check. Network vulnerabilities? Yep. Malvertising? Of course.
We’ve underscored defense-in-depth for years – and it is as important as ever given how ransomware works. And of course, you need the right team and resources to back up great technology to respond in worst-case scenarios.
This thinking shaped our Ransomware Defense solution, a set of products we’ve tested that calls on layers of protection, from DNS security to endpoint security to email to network security, to best keep ransomware at bay.
And the obligatory public service message on good IT practices: prioritize patching your systems to reduce security risk. While you’re at it, please make backups of key data a fundamental part of any security program.
Recorded webinar: "Nyetya. Global Ransomware Attack. What you want to know."
Some key elements of Ransomware Defenses:
Incident Response
Strengthening readiness and response to attacks.
Experiencing an incident now?
Contact us immediately. We are available globally, 24 hours a day, every day of the year.
Call now: 1-844-831-7715
Ransomware Defense Solution
Fighting it in all the places where it tries to do damage.
Network Security and Segmentation
Detect and block malicious network activity (on SMB connections in this case) and prevent lateral spread of malware.
Endpoint Protection
Cisco Advanced Malware Protection (AMP) for Endpoints stops ransomware files from running on endpoints.