Almost a month after the so-called NotPetya strike, the Ukrainian central bank today issued a warning to the nation’s financial institutions that they could be at risk from a ransomware attack of the kind that crippled government agencies and businesses a few weeks ago.
State-owned and private lenders are being urged to be vigilant after over 200,000 entities in 100 countries were affected by the NotPetya ransomware attack in June 2017.
The regulator has warned that the vulnerabilities exploited by the hackers are the same for companies as they are for individuals. It also advised the banking sector to follow the protection guidelines recently issued by the Computer Emergency Response Team (CERT) and Kiev police to boost their defences.
It has published some key protection messages for organisations to follow, including emphasising that organisations should not meet any stated demands or pay any ransom.
Why Ethereum Needs Layer 2 Solutions More Than EverGo to article >>
Ukraine was the country hardest hit by the attack that targeted hundreds of thousands of machines around the world, locking computers unless victims paid a ransom in Bitcoin.
At the time, Kiev accused Russian authorities of being involved in the major cyber-attack.
According to Reuters, the bank warned that the new malware is spread by opening email attachments of word documents: “Therefore on Aug. 11…, the central bank promptly informed banks about the appearance of new malicious code, its features, compromise indicators and the need to implement precautionary measures to prevent infection.”
“The nature of this malicious code, its mass distribution, and the fact that at the time of its distribution it was not detected by any anti-virus software, suggest that this attack is preparation for a mass cyber-attack on the corporate networks of Ukrainian businesses,” the letter said.