New massive cyberattacks

New Massive Cyberattacks – What Happened and How Can Companies Protect Themselves?

At first, the recent cyberattacks appeared to be a follow-up of the recent WannaCry attack. As in May, the attackers used ransomware to encrypt corporate data and subsequently demanding 300 Bitcoin for the decryption. However, the e-mail address that was supposed to send the decryption key to victims was invalid. Immediately, security experts suspected that this new Petya variant used ransom only as a pretext – the real intention seemed to be politically motivated. The attacker group wasn’t out to make a profit but rather to cause chaos and to shut down business activities of corporations.

But what happened exactly?

The Ukraine seemed to be the main target as it was hit first and the hardest. Here, the ransomware spread via an update to an Ukrainian tax software called MeDoc. Everyone who is liable to pay taxes in the Ukraine uses it, including big multinational corporations. Indeed a huge target! And supposedly the first time that ransomware spread via an software update. How it was actually possible to compromise the software update remains unclear. However, there are a few theories:

  • The attackers managed to get access to the MeDoc updating system
  • Update requests by the victims were redirected to a server controlled by the criminals
  • Access to the update via man-in-the-middle attack

Security experts and researchers actually call this attack variation NotPetya. But just as WannaCry, it also uses the known vulnerability to spread throughout the respective networks: EternalBlue. This is, as you might remember, a vulnerability in Microsoft's SMB protocol (Server Message Block, a protocol for making files and printers available in a local network).

Once NotPetya successfully infected a PC, it restarted and all data on the system drive and the MBR (Master Boot Record) was encrypted.

Tips for when you suspect infection:

  • When PC shuts down for no reason, cut off the power supply. Maybe that way a data encryption can be avoided.
  • Keep the encrypted hard drives. Maybe the decryption key will be retrieved and eventually your encrypted files are not lost.

Here are some general recommendations for cybersecurity:

  • Always keep your operating system up to date.
  • Most malware infects your system via e-mail and browser: So start using our secure browser solution, Browser in the Box.
  • Review your firewall settings or use NextGeneration Firewalls that support whitelisting and Deep Packet Inspection like our gateprotect Firewalls.
  • Protect your network right from the beginning with network analytics tools like R&S®PACE 2 from Rohde & Schwarz Cybersecurity.

Do you need help when it comes to cybersecurity? Are you dealing with IT security challenges in your company? Then don’t hesitate and contact us.

Request information

Do you have questions or need additional information? Simply fill out this form and we will get right back to you.

I want to receive information from Rohde & Schwarz via

Marketing permission

What does this mean in detail?

I agree that Rohde & Schwarz GmbH & Co. KG and the Rohde & Schwarz entity or subsidiary company mentioned in the imprint of this website, may contact me via the chosen channel (email or postal mail) for marketing and advertising purposes (e.g. information on special offers and discount promotions) related to, but not limited to, products and solutions in the fields of test and measurement, secure communications, monitoring and network testing, broadcast and media, and cybersecurity.

Your rights

This declaration of consent may be withdrawn at any time by sending an email with the subject "Unsubscribe" to Additionally, a link to unsubscribe from future email advertisements is contained in each email sent. Further details on the use of personal data and the withdrawal procedure are set out in the Statement of Privacy.

Your request has been sent successfully. We will contact you shortly.
An error is occurred, please try it again later.