Close Menu
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Facebook X (Twitter) LinkedIn
Facebook X (Twitter) LinkedIn
Information Security BuzzInformation Security Buzz
  • Home
  • Articles
    • Attacks
      • BEC
      • Data Breach
      • DDoS
      • Evasion Attacks
      • Injection
      • Malware
      • MITM
      • Phishing
      • Ransomware
      • RCE
      • Social Engineering
      • Spoofing
      • Spyware
    • Business and Policy
      • BCP and DRP
      • GRC
      • Regulations
    • Data Protection
      • DLP
      • DRM
      • Encryption
      • IAM
    • Future, Trends and Insight
      • AI
      • Events & Community
      • Emerging Tech
      • Expert Panel
      • Interviews With Experts
      • Insights
      • Study & Research
    • Resources
      • Guides
      • Tools
      • Training & Education
    • Security
      • API
      • Apps
      • Cloud
      • Critical Infrastructure
      • Endpoint
      • Hardware
      • IoT
      • Mobile
      • Network
      • OT
      • Port Security
      • Security Architecture
      • Software Development
      • Supply Chain
      • Zero Trust
    • Threats and Vulnerabilities
      • Emerging Threats
      • Insider Threats
      • Risk Management
      • Threat Intelligence
      • Zero Day
  • News and Exclusives
    • Latest News
    • ISB Exclusive
    • Positive News
  • Who We Are
    • About Us
    • Information Security Buzz Expert Panel​
    • Write for Us
    • Media Pack
  • Contact Us
  • Newsletter
Subscribe
Information Security BuzzInformation Security Buzz
Home - News & Analysis - WannaCry Hits Russian Postal Service, Exposes Wider Security Shortcomings
News & Analysis

WannaCry Hits Russian Postal Service, Exposes Wider Security Shortcomings

ISBuzz TeamBy ISBuzz TeamMay 25, 2017Updated:July 4, 20243 Mins Read
Share LinkedIn Twitter Facebook Copy Link Email
Share
Facebook Twitter LinkedIn Email Copy Link
Quick AI Summary
ChatGPTClaudeGeminiGrokPerplexityDeepSeekCopilot

In the ongoing international WannaCry ransomware saga, today Reuters reported from Moscow that Russia’s postal service was hit by WannaCry ransomware last week and some of its computers are still down, three employees in Moscow said, the latest sign of weaknesses that have made the country a major victim of the global extortion campaign. IT security experts from Cyphort Labs, Tripwire and FireMon commented below.

Mounir Hahad, Ph.D., Senior Director at Silicon Valley-Based Cyphort Labs:

“We are not aware of organizations with consumer facing services that are down.

It is surprising that this particular service is still down. I suspect this has nothing to do with encrypted files. The computers are probably infected in a way that did not trigger the encryption of data (thanks to the kill switches) and that the IT team fears the ransomware would be awakened and start infecting other computers. We already know of DDoS attacks against the kill switches that could indeed bring to life zombie infected computers.

Given these computers may still be running unsupported Windows XP operating system, it may be a while before they are upgraded to a newer OS, especially if postal applications need to be certified on a new OS before being put in production.

Going back to Windows XP would be a mistake in my opinion. There could be more yet to be disclosed vulnerabilities on this OS which Microsoft no longer supports and cyber criminals would be happy to take advantage of that.”

Paul Norris, Senior Systems Engineer, EMEA at Tripwire:

“After almost two weeks since WannaCry hit the world causing widespread disruption, there are still stories breaking where organisations have just fallen victim to the attack. Some companies have not recovered from the attack yet.

It begs the question, with all the exposure this cyber-attack generated, dominating headlines, endless blogs written about it, why are companies still being attacked?

The unfortunate truth is that, despite the warnings and advisories to patch and secure the systems, there will always be a system that is missed. Worse still, companies have not reacted quickly enough as time, effort and money has to be sort to protect these systems. Complacency could be another reason why new outbreaks are being discovered… some companies may feel that because they were not impacted in the first two weeks, they won’t be infected as the controls they have in place are working without checking.

Conficker hit us in 2008 with a similar attack, causing an outbreak globally. Companies patched and secured their systems but months after the outbreak, Conficker was still infecting companies that hadn’t taken the necessary precautions.

Some simple controls that could help prevent the spread of the WannaCry outbreak can be adopted with minimal cost to companies and as these controls have not been applied, we will hear more additional outbreaks. Companies that haven’t recovered would suggest a more severe problem – no disaster recovery plan, backups or no internal process or control to apply patches and secure systems. It could be that these companies need to recover the encrypted data to resume operations, and if that’s unlikely, may have to start again in rebuilding their systems, or reverting to old backups.”

Paul Calatayud, Chief Technology Officer at FireMon:

 “It is not a surprise that these systems are still down. If they were critical to operations and now hit with malware, it’s now about recovery and restoration. And keep in mind, restoring a system prior to exploit means it’s once again vulnerable to the same exploit until it has been patched.”

 

ISBuzz Team
  • ISBuzz Team
    Air Canada Data Breach: BianLian Extortion Group Claims A Massive Heist Contrary To Airline’s Earlier Statement
  • ISBuzz Team
    Unprecedented DDoS Attack Rocks The Web: Tech Giants Reveal A Digital Tsunami
  • ISBuzz Team
    CISA Flags High-Severity Adobe Acrobat Reader Flaw Amid Active Exploits
  • ISBuzz Team
    Curl Security Alert: Patching A Critical Bug Averting Potential Cyber Catastrophe

The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.

Share. Facebook Twitter LinkedIn Email Copy Link

Related Posts

Foxconn confirms cyberattack following Nitrogen ransomware claims

May 14, 20263 Mins Read

Visual data is the blind spot in enterprise security: that’s about to change

May 4, 20267 Mins Read

Making stolen data worthless: why security must start with the data

March 30, 20265 Mins Read
ISB-Bora-Side-Bar

No se ha podido establecer conexión. Error 429

 
ISB-Bora-Side-Bar
Black ISB Logo

Information Security Buzz is an independent resource that provides the experts’ comments, analysis, and opinion on the latest Cybersecurity news and topics

X (Twitter) LinkedIn Facebook RSS

Working With Us

  • About Us
  • Advertise With Us
  • Contact Us

Write For Us

  • How To Contribute

The Pages

  • Privacy Policy
  • Cookie Policy
  • AI Policy
  • Terms & Conditions
  • Copyright Notice

Information Security Buzz and all its contents are copyright © 2014-2025. All rights reserved. All third-party trademarks are recognized.

Type above and press Enter to search. Press Esc to cancel.

Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}