Think Fast: Nyetya is here
New Ransomware Variant Surges
WannaCry has only just faded from the headlines, but ransomware has surged back into the news with a new malware variant, named Nyetya, that is wreaking havoc in networks globally and is being described as WannaCry's bad cousin.
The new cyber attack began hitting dozens of companies and institutions around the world, starting with Russia and Ukraine on Tuesday and spreading to Asia and Australia on Wednesday.
What does this mean? It means attackers don’t rest – but rather they innovate. They evolve. Of course we must too.
Nyetya is nasty because it encrypts the master boot record (like a table of contents for a hard drive) of a computer. Not good. Once it enters a system, it uses three ways to spread automatically in a network, one of which is the known Eternal Blue vulnerability, which WannaCry used as well. Also bad.
Some infections may even be associated with a familiar tax accounting software package, used to get a foot in the door when initially infecting networks.
For a world-class, in-depth analysis on Nyetya, see the blog by Talos, Cisco Security’s threat intelligence team, covering how the ransomware operates and what security protections will keep you safe against it.
In the past few years, we’ve seen ransomware makers innovate in order to do damage any way they can. Phishing emails? Check. Network vulnerabilities? Yep. Malvertising? Of course.
We’ve underscored defense-in-depth for years – and it is as important as ever given how ransomware works. And of course, you need the right team and resources to back up great technology to respond in worst-case scenarios.
This thinking shaped Cisco's Ransomware Defense solution, a set of products we’ve tested that calls on layers of protection, from DNS security to endpoint security to email to network security, to best keep ransomware at bay.
And the obligatory public service message on good IT practices: prioritize patching your systems to reduce security risk. While you’re at it, please make back-ups of key data a fundamental part of any security program.
Some key elements of Ransomware Defences
Incident Response Services
Incident response services help you prepare for, manage, and recover from data breaches and network attacks. Leverage Talos threat intelligence and the most current security technology to respond to attacks and reduce damage and exposure.
Ransomware can penetrate organizations in multiple ways. Reducing the risk of infections requires more than a single product. Cisco Ransomware Defense uses an architectural approach to strengthen defenses with detection, visibility, and intelligence. Like Cisco Umbrella
Network Security and Segmentation
Detect and block malicious network activity and prevent lateral spread of malware.
Advance Your Defences
Cisco Advanced Malware Protection (AMP) for Endpoints stops ransomware files from running on endpoints.