The FBI has reportedly issued a flash warning to companies in the United States about a new form of malware that cripples hard drives and threatens to steal their intellectual property (IP).
While few details of the warning are available, the release follows a recent reported attack on the systems of Sony Pictures Entertainment in the US.
There is no evidence that the reported malware is being used to target companies and individuals in Australia. Nevertheless, if you maintain corporate IP, financial data or sensitive employee information on hard drives, you should check your security tools, ensure your backups are up-to-date, and ask employees to review and limit the amount of sensitive personal data, such as banking details, they save in files or emails.
Targeted threats precede theft of data and destruction of hard drives
The new malware reportedly overwrites data on computer hard drives and makes it impossible to subsequently restart affected devices. It also shuts down email communications. Recovering data on hard drives attacked by the malware can be difficult and costly, if not impossible.
Reuters reported that the initial attack originated from an organisation calling itself #GOP, or Guardians of Peace. Employees reportedly saw unprompted messages from #GOP on corporate devices, followed by unrecoverable crashes.
Small businesses should be on the alert for any unusual messages that are flashed on-screen during device startup, in particular messages that contain a specific threat to your commercial interests. Employees should be asked to report any spam email, or other electronic communication, that makes coercive threats against company executives.
Potential risks include leaking of company data, communication systems going offline—including email—and Twitter accounts being hijacked.
Types of information that may be threatened by this malware include:
- company IP
- sensitive commercial information, including finance and accounting information and contracts
- PDF files containing confidential employee information, including credit card details and passport pages, and
- logins and passwords to company and third-party sites.
Staying safe
The appearance of new malware should act as a reminder to all businesses to keep their information security practices under constant, or comprehensive periodic, review. IT and network administrators should ensure that security tools are up-to-date, that data is backed up regularly, and that corporate policies extend to employee-owned devices that are used for work purposes.
Employees should be asked to periodically change the passwords they use for work activities. They should also be asked to consider whether sensitive personal data, for example banking details, are stored anywhere on work emails or work hard drives. If so, they should consider deleting files or emails that are not essential to day-to-day working activities.