Two days ago the Ukraine was struck by a massive ransomware attack that took out several companies computer systems. Most of the affected companies do business with the Ukrainian government. It was first known to be ransomware, but now researchers have realised that it looks more like a cyber attack with no intention other than to destroy.
What we know about the virus so far.
- The attack first manifested in Kiev, Ukraine on Tuesday
- It uses exploits from leaked NSA documents called ETERNALBLUE to spread as quickly as possible through a network
- The affected PC then reboots 1 hour later and begins a so called “checkdisk” which ends up encrypting the computer disk to the point where you cannot boot it up by encrypting the MFT (Master File Table)
- The code used to encrypt is so aggressive that its impossible to recover data
- Researchers have found that the sole purpose of the malware was to wipe drives and destroy data
- The attackers are unknown at this stage
- The single mail address that the attackers requested users to contact once infected is no longer working as the mail
service provider took the account offline
- Some reports we have read have advised that even fully patched Windows computers have been infected
What can you do to protect yourself?
- Ensure that your antivirus is up to date with the latest security updates installed
- Install a secondary antiransomware protection software like ransomfree
- Run windows security updates
- Do not open mail attachments from users you do not know, and if you have any doubt whatsoever, DELETE THE MAIL
- If your computer does become infected, immediately disconnect your computer from the network and switch off and contact an IT professional