'Israeli readiness prevented mass damage from global cyberattack' - Ilan Gattegno, Lilach Shoval, News Agencies and Israel Hayom Staff

by Ilan Gattegno, Lilach Shoval, News Agencies and Israel Hayom Staff

Virulent data-scrambling software infects scores of computers across Europe and U.S., but only three Israeli companies report being hit

A ransomware notification on a computer affected by Tuesday's cyberattack | Photo credit: AP

Three Israeli companies reported they were hit on Tuesday as part of a global cyberattack that began in Russia and Ukraine and quickly spread across Europe and to the United States, wreaking havoc on government and corporate computer systems.

The National Cyber Defense Authority in the Prime Minister's Office said that Israeli companies hit by the ransomware attack should contact it for assistance and not pay the hackers. 

The virulent data-scrambling software infected scores of computers across Russia, Ukraine, Poland, Italy, Germany, France, the U.K. and the U.S. Several multinational firms said they were targeted, including U.S. pharmaceutical giant Merck, Russian state oil giant Rosneft, British advertising giant WPP, and the French industrial group Saint-Gobain. But the impact on Israel seems to have been marginal. 

The attack came two months after another global ransomware assault, the "WannaCry" virus, hit 100 nations. 

Some IT experts identified the latest virus as "Petrwrap," a modified version of the Petya ransomware that hit last year and demanded money from victims in exchange for the return of their data. 

But global cybersecurity firm Kaspersky Lab said, "Our preliminary findings suggest that it is not a variant of Petya ransomware as publicly reported, but a new ransomware that has not been seen before." 

The virus crippled computers running Microsoft Windows by encrypting hard drives and overwriting files, then demanded $300 in bitcoin digital currency payments to restore access. 

Microsoft said the virus could spread through a flaw that was patched in a security update in March.

"We are continuing to investigate and will take appropriate action to protect customers," a company spokesman said, adding that Microsoft antivirus software detects and removes this virus.

Israeli cyber experts attributed the small number of companies affected locally to the vigilance of Israeli users. They said that overall, Israeli readiness and cyber countermeasures prevented massive damage to local infrastructure and industries. 

"This was a very serious event. It seems this cyberattack was carried out after a careful study of the lessons learned from the global attack two months ago," Erez Kreiner, formerly director of information security at the Shin Bet security agency, told Channel 10 News.

Kreiner warned that such ransomware attacks striking critical infrastructure "could have disastrous results," but he stressed that Israel is among the world's top five nations in cyber defenses for critical infrastructure.

Hackers who launch data encryption attacks could have two goals, he said. 

"The first is financial, obviously. The ransom these hackers demand can amount to large sums of money," he said. "The second is the massive political impact such attacks can have."

An expert with the Tel Aviv-based ESET information security firm told Channel 2 News that "we are seeing more and more ransomware attacks and it doesn't seem they're going to stop." 

The National Cyber Defense Authority's guidelines on how to avoid ransomware attacks recommend backing up data on external drives, disconnected from the main operating system; installing all Microsoft operating system security updates and patches; updating antivirus and other security software; and refraining from opening emails or emailed files and links from unknown sources.

Tuesday's rapidly spreading cyber extortion campaign underscored growing concerns that businesses have failed to secure their networks from increasingly aggressive hackers, who have shown they are capable of shutting down critical infrastructure and crippling corporate and government networks.

The U.S. National Security Council said government agencies are investigating the attack and the U.S. is "determined to hold those responsible accountable."

International police organization Interpol said it was "closely monitoring" the situation and liaising with its member countries

Ilan Gattegno, Lilach Shoval, News Agencies and Israel Hayom Staff

Source: http://www.israelhayom.com/site/newsletter_article.php?id=43439

Follow Middle East and Terrorism on Twitter

Copyright - Original materials copyright (c) by the authors.