The Petya ransomware scourge that blasted businesses in the Ukraine and spread throughout Europe and into Asia and the Pacific focused attention on the importance of securing email systems, which are a favorite target of cyber extortionists.
"The most common way to deliver ransomware has been through some form of email-based attack," said Gary Steele, founder and CEO of email-security-specialist Proofpoint Inc. (PFPT). In the wake of the Petya attacks, shares of Proofpoint gained nearly 5% to $88.53 on Wednesday.
Petya and recent ransomware mega-strain WannaCry departed from ransomware conventions, however.
"What was unique about WannaCry and also about Petya is they both leveraged a different network mechanism that allowed it to spread faster than frankly it could be spread through email," Steele said.
Petya and WannaCry, which hit 230,000 computers around the world in May, targeted a security vulnerability in Microsoft Corp.'s (MSFT) Windows that was dubbed EternalBlue. Microsoft had actually provided security patches that would protect users from attacks exploiting it.
"There had been a lot of patching so there was less of that to exploit [with Petya]," Steele said.
The two ransomware strains also made use of Windows file-sharing capabilities to spread rapidly through systems, Steele said. Likewise, MalwareBytes Labs in May reported findings that WannaCry did not spread through email.
Despite the similarities, WannaCry and Petya are not exactly the same.
The WannaCry hackers left a kill switch in their code, which researchers from Proofpoint and other groups identified. Triggering the switch curbed the spread of the attack, though new strains appeared.
"Unlike WannaCry there was no kill switch," Steele said of Petya. However, there is a "vaccine," involving the creation of a read-only file, that will prevent Petya from locking up a computer.
Petya and WannaCry had a larger impact in Europe and other overseas markets than in the U.S., perhaps because of the mega-hacks that have affected Home Depot Inc. (HD), Target Corp. (TGT), Anthem Inc. (ANTM) and others in recent years.
"Because of the level of risk and number of breaches that have happened in the US, there is a broader awareness around making sure systems are up to date and patched," Steele suggested. "The bad actors probably view more vulnerability outside the U.S., but that's really just guessing."
Presumably, businesses that haven't patched Windows vulnerabilities will finally get the message. Cyber thieves are industrious, however, and will develop new means of breaking into business systems. "We see a different form of ransomware every two to three days," Steele said.
Considering the global scale of their disruption, the makers of WannaCry and Petya have collected modest sums. U.K. Bitcoin-tracking group Elliptic Enterprise Ltd. states that WannaCry generated less than $135,000 in ransom through June 28. A bot tracking payments for Petya put the total at about $10,300 on Wednesday afternoon.
Still, Proofpoint's Steele says that ransomware victims have demonstrated a willingness to pay up and given online crooks an incentive to keep producing new strains of extortion software.
"The reality is that while the broad population today feels somewhat immune and tired of hearing about this, we're going to continue to hear about this," Steele said.