We put the IT in city®

CitySmart Blog

Monday, July 3, 2017
Nathan Eisner, COO

Nathan EisnerRansomware strikes again—or is it really ransomware? Just over a month after the global WannaCry ransomware attack, a new vicious virus dubbed “Petya” has been infecting computers worldwide in over 65 countries (including the United States). Most of the computers infected (about 80%) were in the Ukraine, but the virus still spread itself far around the world by attacking vulnerable servers and computers.

Petya 101: Getting You Up to Speed

While similar to WannaCry, Petya has some important differences and distinctions.

  • Petya is a variant of ransomware but does not give you a chance to get your files back. Ransomware is a type of virus that encrypts your files and documents. The criminal then asks for a ransom within a specific time period (such as 72 hours). If you pay, then they (may) decrypt your files. If you don’t, you permanently lose access to those files. However, Petya encrypts your files like ransomware but doesn’t give you a chance to get them back. According to The Verge, “It looks like the program’s creators had no intention of restoring the machines at all. In fact, a new analysis reveals they couldn’t; the virus was designed to wipe computers outright.”
  • Petya originated from a leak of National Security Agency (NSA) data that indicated a security vulnerability in Microsoft Windows operating systems. Like the WannaCry ransomware cryptoworm, hackers stole information about this Windows vulnerability from the NSA and used it to create the Petya virus.
  • Petya had its biggest impact on June 27, 2017 and experts conjecture it may have been a nation-state attack on Ukraine disguised as ransomware to throw the media off the scent.

Why Your City May Be in Serious Danger from a Similar Attack

While the damage from this recent cyberattack was mostly limited to the Ukraine, Petya was still a sophisticated attack with a wide reach, mostly hitting organizations that did not follow three important technology best practices. These kinds of cyberattacks are not going away—and your city may be a ripe target for the next one.

This is important for cities to realize: It’s likely that your city has a good chance of experiencing a devastating WannaCry- or Petya-like cyberattack that leads to permanent data loss if you don’t follow the three best practices below.

1. Failing to regularly patch your software.

Microsoft released a Windows security patch in March 2017 that prevented Petya from affecting an organization. According to Inc., Petya “exploits an old vulnerability in Microsoft Windows for which Microsoft issued a patch (to fix the vulnerability) several months ago. The sheer number of parties infected within the last 24 hours likely testifies to the failure of so many organizations to consistently patch their systems.”

Yet, so many organizations—including cities—do not patch their software on a regular basis. Excuses are plentiful. City staff have too much on their plates. Reactive IT vendors do not get paid to do proactive IT maintenance. Nothing appears broken, so why fix it. It’s not a priority. Et cetera.

But when you don’t regularly patch, you miss out on security updates. Software vendors plug holes that hackers can exploit. When you don’t apply patches, it’s like leaving a back door open in your house. Organizations that did not apply the March 2017 Microsoft patch left this back door wide open.

2. Failing to back up your data.

Because the Petya virus encrypts your data and offers you no chance of getting it back, then there’s a high chance of permanent data loss if you don’t have an appropriate data backup and disaster recovery solution. This means your data backup needs to be completely separate from your files and information. After all, you don’t want a virus to infect your backups too. Your data backup solution should include an onsite and offsite component, and it should be tested regularly.

3. Failing to modernize your technology and get rid of legacy systems.

This issue has become so prevalent across federal, state, and local government that proposed legislation such as the Modernizing Government Technology (MGT) Act specifically addresses IT modernization. In 2017, there is no longer a “nice-to-have” argument about modernizing technology. Instead, modernized technology and cybersecurity are increasingly seen as one and the same thing. Recent attacks like WannaCry and Petya are now referenced by legislators pushing IT modernization bills—and they see these cyberattacks as both a national security and citizen privacy/protection issue.

For cities, it will become more and more negligent to cling onto old legacy hardware and software that uses obsolete, unsupported, and unsecure technology. While budget is always a concern, the costs of a cyberattack—financially, legally, and politically—can be far worse. States such as Arkansas have even passed laws threatening to revoke a city’s charter if they don’t comply with the law through using appropriate, secure technology.

Yes, the Petya virus is scary for any organization that fails to implement basic IT best practices such as patching, data backup and disaster recovery, and keeping technology modernized.

If your city isn’t following the three best practices above, you are at risk for a ransomware attack. Reach out to us today with any concerns.