I WannaCry all over again

On the morning of June 27th, reports began surfacing of widespread attacks against Ukrainian critical infrastructure sectors that included aviation, banking, and electricity. An unknown malware had begun affecting IT systems in these sectors. Business systems were made unavailable and normal processes stopped. Fortunately, no operational technology, the technology that runs the energy grid, was reported to be affected.

Affected systems were widespread. They included Ukrenergo, the country’s electric transmission company, and Kyivenergo, the distribution company serving the Kiev region. While Ukrenergo reported no outages, Kyivenergo was forced to shut down all administrative systems, awaiting permission from Ukraine’s Security Service (SBU) before restarting.

Other victims in Ukraine and internationally included:

- The Ukrainian government, including parliament and cabinet
- Ukraine’s largest bank, Oschadbank
- Kiev’s Boryspil Airport, affecting departure boards and scheduling systems
- The Ukrainian state postal service
- Kiev’s metro system
- Television stations
- Rosneft, a Russian government-owned oil firm
- Steel maker Evraz
- Three Ukrainian telecom companies: Kyivstar, LifeCell and Ukrtelecom
- Danish shipping company Maersk reported that systems in the UK and Ireland were affected

The attack occurred, probably not by chance, only hours after the car bombing murder of Col. Maxim Shapoval of the Ukraine Chief Directorate of Intelligence and a day before Ukraine’s Constitution Day.

The name game

The offending malware was soon identified as PETYA, PETRYA, or PETwrap, depending upon the source. PETYA reportedly utilized the NSA’s leaked EternalBlue, an exploit for the same Windows SMBv1 vulnerability that WannaCry used. PETYA does not initially encrypt individual files, but replaces the master boot record (MBR), leaving the entire system unusable.
Should the MBR not be available, it then goes on to encrypt the individual files.

What part didn’t you get about ‘patch now?’

Perhaps the most valuable lesson we can learn from this attack is that Charles Darwin was right. It’s survival of the fittest; right along with that goes the smartest. Unless some completely new vector is discovered in action with this new threat, victims of PETYA have no excuse. The SMB vulnerability in question had been patched by Microsoft prior to WannaCry’s May outbreak. During the WannaCry outbreak, Microsoft provided additional patches for legacy operating systems, those no longer supported by normal updates, like Windows XP and Server 2003. Even with these extraordinary measures to provide users with the protection they needed, some failed to update and/or patch. Those who failed to take action and install patches handed to them on a silver platter are now victims of PETYA, and themselves sources of the new infection to others. Akin to a neighbor with a garage full of dynamite, this is the kind of negligence that endangers the entire cyber neighborhood.

ISACs to the rescue

Information Sharing and Analysis Centers (ISACs) in the U.S. were able to get ahead of the infection thanks to early warning and quick action. The Downstream Natural Gas and Electric ISACs combined forces to collect, analyze, and alert their sector members, providing early indicators and even links to algorithms that had earlier been used successfully to decrypt the PETYA ransomware. Having just recently experienced the WannaCry worm, their members were patched and defended. There were no reports of infection in electric or downstream natural gas sectors.