On the heels of last month’s WannaCry cyberattack, a new ransomware attack shut down systems across Europe this week. The main focus of the attack appears to be in the Ukraine (including banks, telecom, electrical systems, the main city metros, and the airport), but it has now appeared in 65 countries around the world.

What is Nyetya?

Ransomware is a rapidly emerging malware that locks up systems and data until attacker demands are met. The attackers may also threaten to destroy the data altogether. This attack is called Nyetya (a variant of Petya). It encrypts the master boot record, and may spread through the network. Like WannaCry, Nyetya leveraged the known EternalBlue vulnerability. Its origins are possibly associated with a tax accounting software package.

For a detailed analysis, see the blog post by Talos, Cisco’s threat intelligence team.

Retail and ransomware: The bigger picture

So far, retail has luckily been one of the less affected industries in the recent ransomware attacks. The industry is protected to some degree by demanding compliance standards (such as PCI DSS). Cardholder data is usually attacked at the point of sale or in sales systems, while ransomware is a completely different type of attack. However, it’s probably just a matter of time before cardholder data is locked up the same way.

As a retailer, you need to be thinking about assuring good security that warns of attempts being made to access the system, supported by a solid backup protocol that allows you to not pay, shut down, install the patches, and reload your data. Cisco recommends a set of ransomware defense products that calls on layers of protection from DNS security to endpoint security to email to network security. You can also learn more about Nyetya and solutions to protect your business here. For more on ransomware and retail, see my recent post about securing your retail store with the SAFE methodology.

Join our webinar hosted by Martin Lee, technical lead on Cisco’s Talos threat research team, to understand the latest on Nyetya.  This session will take place on Friday, June 30, 2017 at 7 am PDT / 3 pm BST / 4 pm CEST.  Hear the latest on the attack and steps you can take to strengthen your security.



Mary Freeman

No Longer with Cisco