Yesterday, a new largescale ransomware attack dubbed Petya hit computers all across the globe, disrupting operations in industry sectors and governments alike. The ransomware, similar to the WannaCry attacks earlier this year, demanded that a ransom be paid in BitCoin in exchange for decrypting of a computer’s files. The extent of the damage even reached so far as to disable the Chernobyl power plant’s website, forcing radiation monitoring to be carried out by hand.
One point to mention however – Petya isn’t ransomware.
According to Adam Clark Estes of Gizmodo, experts think that the objective of this attack was not profit, it was chaos. As investigation into the nature of the attacks proceeded, it soon became clear that due to the way it was designed, it would be nearly impossible for the attackers to gain any monetary profit through it. The email supposedly associated with the ransom was taken down by the host, meaning no payment could be received. With no way to pay the ransom, any afflicted machine thus becomes locked without a way out -cyber terrorism disguised as ransomware.
As fate would have it, this attack operates as an improved version of the WannaCry attack, utilizing the same Windows vulnerability -EternalBlue. Despite the media proudly announcing that a “cure” or “kill-switch” to the WannaCry attack was discovered, the same weak point was exploited, showing once again how truly unprepared the world is for sophisticated cyber-attacks. According to CNNtech, even Ukraine’s Cabinet of Ministers was hit by the attack.
The failure of the world to defend itself from such an attack is an embarrassment. The logical shift to dealing with cybersecurity is not being made often enough, with so many governments and corporations still not realizing that a system cannot last long without updating. Failure to update operating systems and software leads to situations like this, where old vulnerabilities remain exploitable by hackers. For the societies of the future, in which the integrity of every IoT-connected device is necessary, the ability to keep software equipped with the latest security solutions is paramount.
This reality is the driving motivation behind the development of Trillium’s SecureOTA platform, designed to swiftly and seamlessly update security measures on devices as often as needed. Such functionality is key to ensuring the long-lasting effectiveness of any security system, for as the saying goes, “Fool me once, shame on you. Fool me twice, shame on me.”