Last week, the second international malware attack in less than two months threatened the security of computers around the globe.

Often called “NotPetya,” the malware primarily struck systems in Ukraine, but also jumped from that country to more than 80 jurisdictions worldwide — even potentially infecting networks in the Virgin Islands.

On Monday, the TMF Group, a multinational business services company with a team in the VI, announced that it had been working with IT experts to fix its systems after its global network had been attacked in the June 27 malware strike.

“They have made impressive progress across over 120 offices in more than 80 countries in restoring the network, connectivity, file servers and the rebuild of desktops and laptops for 7,000-plus employees,” the release stated. “We have engaged additional engineers to reinforce our global efforts and are pleased to say all staff are now back on e-mail.”

No client data was compromised, the press release added.

A VI TMF Group employee declined to provide any information to the Beacon.

Spreading ‘like wildfire’

Ryan Geluk, the deputy managing director of BDO Limited, acknowledged that NotPetya may have reached the territory’s shores.

“These things can spread like wildfire,” Mr. Geluk said. “It wouldn’t surprise me if it had some sort of impact here.”

The malware acts as a so-called “cryptoworm” that can spread to other vulnerable computers on a network without the need for a user to take any action.

It operates on Windows systems, according to Guy-Paul Dubois, president of the local chapter of the Information Systems Security Association, an international non-profit organisation dedicated to promoting effective cyber security around the world.

Second strike

At first glance, NotPetya resembled May’s WannaCry malware strike, a global ransomware cryptoworm attack that took hundreds of thousands of computers’ data hostage and demanded ransom payments in Bitcoins — a widely used cryptocurrency — from their respective owners.

Upon further inspection, however, the more recent attack looks like something even more antagonistic: The NotPetya malware appears unable to decrypt data even if computer owners pay the ransom, according to analysis carried out by researchers at the Kapersky Lab, a Moscow-based cyber security provider.

Instead, the researchers believe the NotPetya strike took the form of a wiper attack — malware that eliminates a computer’s data without hope of securing a ransom. The motivation for such an attack is often purely destructive or chaotic, as opposed to financial, analysts say.

NotPetya is also reportedly much more difficult to shut down, warned KPMG (BVI) Limited.

“Unlike the recent WannaCry incident, it has not been possible to discover a means of remotely disabling the malware (a ‘kill switch’), and as such there is a risk of aggressive spread within local networks,” KPMG stated in a press advisory.

Some experts, including Mr. Dubois, suspect the NotPetya attack — with its apparently destructive intent and focus on Ukraine — was likely spearheaded or sponsored by a foreign government.

Last weekend, Ukrainian officials reportedly accused Russian government hackers of sparking the attack, a charge that Russia has denied.

Protecting yourself

Mr. Dubois, who also works as the manager of technology risk services for BDO Limited, pointed to numerous measures an individual or company can take to protect themselves from future attacks like NotPetya, which he says are likely to happen.

“After the WannaCry disaster in May, there is no reason your systems shouldn’t be updated,” he said in an ISSA press release.

Microsoft offered the fix for one of the vulnerabilities attacked by both NotPetya and WannaCry in a free patch in March.

Mr. Dubois and other ISSA officials also emphasised the importance of individual education.

“The users are always the first line of defence to your network,” Greg Lemmon, secretary of the VI branch of ISSA, said in a press release. “They should easily be able to identify most phishing attempts; however, without proper training they can become a weak point in your defences.”

NotPetya took the form of a legitimate-looking e-mail, which activates the malware when a recipient clicks or opens an attachment, according to ISSA.

“If you’re not expecting an email from somebody with an attachment, don’t open it,” Mr. Geluk advised.

Additionally, ISSA recommends using long and complex passwords that vary from purpose to purpose, as well as keeping tested backups of all files.

Especially on the heels of the Panama Papers controversy, another data leak has potential to seriously harm the territory’s financial services industry, Mr. Geluk explained.

“[Data protection] has to be one of the top priorities going forward for our industry,” he said.

The local ISSA chapter formed this year in hopes of bringing together professionals from different industries to increase the territory’s understanding of the importance of data protection, according to the press release. The group meets the last Tuesday of every month at Harneys.

{fcomment}