Another cyber attack shows we need more cybersecurity defense, not offense

Washington D.C. (June 27, 2017) — Access Now condemns today’s cyber attack that is wreaking havoc on power companies, public transit, and banks across Europe, particularly in Ukraine and Russia. We call on governments around the world to learn that we need to get serious about cybersecurity.

The apparent ransomware attack — called Petya — is reportedly using the same EternalBlue exploit to propagate that was found in the WannaCry attack in May. Whereas the WannaCry attack encrypted files until the victim paid a ransom, today’s attack interferes with the infected computer’s boot process to render the device inaccessible. However, the attacker’s email service has reportedly closed the account so that victims are unable to pay the ransom.

EternalBlue is an exploit created by the U.S. National Security Agency (NSA) and leaked by the Shadowbrokers. Microsoft issued a patch for the vulnerability, but it’s clear today the damage is still being felt.

The following statement is attributable to Drew Mitnick, policy counsel at Access Now:

“Every attack is a reminder that cybersecurity threats are only growing more frequent and more vicious. We need to learn from each attack and encourage cyber hygiene to improve digital security.

“Better protecting against threats like Petya and WannaCry requires a systematic approach to cybersecurity. We need to recognize that governments should not stockpile vulnerabilities. Governments should promote patching by developing and codifying vulnerabilities equities processes and through support of coordinated disclosure programs. Companies need to act quickly to develop and distribute patches to ensure devices are actually protected. Finally, end users should ensure they are installing the latest security updates.”