A severe ransomware attack known as "GoldenEye" is hitting computers throughout the world, including the United States. Here is some background information on GoldenEye and how to help keep your organization protected:
What Happened: Cybercriminals launched a massive attack using EternalBlue, an exploit for a vulnerability in Microsoft Windows. The attack seems to have used the same type of exploit and hacking tool as WannaCry, which affected hundreds of thousands of victims in more than 150 countries in May.
While Microsoft released a series of patches between March and June to address the vulnerability, users on old versions of operating systems or those with an inadequate patch management strategy remain vulnerable. The vulnerability allows cybercriminals to release the malware, which starts encrypting files and demanding a ransom in bitcoin for a decryption code the cybercriminals claim will give control of data back to the user. GoldenEye, a variant of an existing ransomware family called Petya, may go beyond encrypting certain files to locking an entire file system.
Those affected thus far include Russia's largest oil company, the Maersk shipping company and a Ukrainian media company. The list of victims is expected to grow significantly in the coming hours and days.
What P1 Did for Clients: We have taken the necessary steps to ensure our clients have the latest preventive measures, including security patches released by Microsoft. In addition, we have increased proactive monitoring and scanning for key components of the security threat.
What You Can Do to Help Protect Yourself: During a cyberattack of this nature, taking extra precautions with email is advised. Follow these six best practices to help protect yourself and your work environment:
1. Advise staff not to open any email coming from external systems (e.g., Gmail, Yahoo!, AOL and Hotmail).
2. Advise staff not to use these same external systems if they have personal accounts.
3. Do not open any email from a sender you do not recognize.
4. Even if you recognize the sender, if you were not expecting the email, avoid opening it. It is particularly important to a) never open a ZIP (compressed) file or strange-looking attachments, and b) never click a link in an email. Links can say one thing but direct a user to something entirely different.
5. If you must open an "expected" email that includes an attachment or link, try to confirm with the sender via phone or other means before opening the attachment or clicking the link.
6. Outside the office, consider changing the password for any webmail account you may use, such as Gmail, Yahoo!, AOL and Hotmail. The best passwords combine eight or more characters, mixing random capitalization, numbers and special characters (~!@#$%^&*()_+), and do not spell true words or names.
How P1 Can Help You: Our current Security offerings include multiple layers of additional protection that were able to identify and mitigate the risks of the attack. To learn more about these offerings and how to add this additional layer of security, contact us at (201) 505-1800. Follow us on social media - Facebook, Twitter and LinkedIn - for ongoing updates as we monitor the attack.