Destructionware – what is it and can you protect your business?
This morning the White House issued a formal statement blaming Russia for the NotPetya malware that spread through parts of Europe, Asia and America in 2017.
Tech publication Ars Technica reports that White House press secretary Sarah Huckabee Sanders said the following:
“The attack, dubbed “NotPetya,” quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin’s ongoing effort to destabilise Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.”
NotPetya earned its name due to its similarities to the Petya ransomware but was alarmingly different in that it had one goal – destroy any data it encountered.
This form of ransomware is known as destructionware, and it can have a disastrous effect on a business.
The phrase has popped up a few times, so we approached Carey van Vlaanderen, chief executive officer at ESET South Africa, to find out more.
“Destructionware behaves very much like Ransomware, except for one vital difference and that is that the exploit’s only intent is to destroy the information on the target machine. It can be categorised as a denial of service attack targeted at client systems as opposed to the traditional network based denial of service attacks in the past,” van Vlaanderen tells us.
Like ransomware, destructionware can enter a system undetected, and once a system is infected it will demand a ransom. More often than not, however, paying that ransom will not get you your data back.
When WannaCry ransomware began spreading in 2017, users that paid the ransom did get their data decrypted, but ESET South Africa’s CEO says users would not experience the same with something such as NotPetya.
“Destructionware does not only hold data for ransom but destroys it. The affected system would be wiped clean and remain inoperable thereafter, thereby negating paying any ransom for a “decryption” key,” she says.
So while the malware might demand a ransom there is no guarantee that you will get your data back even if you pay the ransom.
The question on our minds was why? Why destroy the data and any hope of getting repeat business with it? According to Paul Jolliffe, Lead DSM: Security at T-Systems South Africa, it’s not the victim’s money they want.
“The bragging rights that “destructionware” gives its makers effectively allows them to name their price for services such as RaaS, going forward. They also obtain that which every hacker seeks: the respect of their peers for bringing a large portion of global business to its knees with a few simple tweaks of an already prevalent malware,” explains Jolliffe.
Can your business protect itself?
If your business has already been hit by destructionware there is sadly no way to recover your data even if you do pay.
The ESET CEO tells us that destructionware is vicious and infects any type of file it can find.
“Its malicious code infects the system, rendering data null and void. Most notably it would affect the system files responsible for managing access to controls within the operating system. Often it would target the Master Boot Record (MBR) of the infected machine so as to negate any workaround like attempting to restart the system in SAFE mode to remove the infection,” van Vlaanderen told htxt.
The best protection then is mitigation.
Businesses should take into account cyber risks such as destructionware when digitally transforming their business.
To safeguard data, van Vlaanderen says a comprehensive solution must be implemented which includes anti-malware, endpoint security, secure encryption and anti-virus.
A formally adopted disaster recovery process detailed by a business continuity plan can also ensure that the potential downtime your business faces in the event of a cyber attack is lessened.
That’s the key here. Many cybersecurity experts argue that it’s not a matter of if a business becomes the victim of a cyber attack but when, so make sure you implement mitigation and prevention measures as soon as possible.