Nuance still down after Petya cyberattack, offers customers alternative tools

Meanwhile, researchers have confirmed NotPetya isn’t ransomware. Instead, the hackers masked the virus with a ransom demand to dictate the media narrative and hide the real intent: disruption and destruction of data.
By Jessica Davis
12:52 PM

Nuance Communications, a major provider of voice and language tools, is still down on Thursday after it was knocked down by the global NotPetya cyberattack on Tuesday.

Portions of the network were knocked down following the attack, officials told customers. Nuance is still working through the incident, which affects a major part of its services to healthcare clients.


The company is offering Dragon Medical One or Dragon Medical Network Edition as an option for these customers. And officials said customers may also choose to implement an alternative dictation service.

“Today our technical teams are continuing to work on network server recovery, determining the recovery process and timing and other client options,” officials said on the Nuance Twitter account.

The update comes as Comae Technologies and Kaspersky Lab announced NotPetya was not a ransomware attack, but a wiper meant to destroy. The hackers masked the virus as ransomware to distract the media.


This update is separate from the initial report that the German email provider Posteo shut down the email account connected to the ransomware. Without the email address, victims couldn’t contact the hackers to pay the ransom or regain the files.

But that no longer matters.

NotPetya hackers didn’t employ a command-and-control server like standard ransomware strains. Instead, Kaspersky Lab researchers said the hackers use the infection identification to store the data from each infected computer and the decryption key.

The primary goal of NotPetya is to damage and destroy data. While ransomware is capable of restoring data, a wiper excludes restoration possibilities. Comae officials said the latest virus leverages not only the leaked NSA ETERNALBLUE exploit, but also ETERNALROMANCE.

Further, Kaspersky researchers said the key presented on infected computers is fake and randomly generated.

Comae officials said that Microsoft’s initial analysis was accurate, but added the initial attacks that began in Ukraine didn’t just shut down large portions of its systems. NotPetya “trashed the 24 first sector blocks of the disk, while replicating itself.”

The hacker merely took the successful Petya ransomware of 2016 and modified the code for destruction. Both security firms said this points to a nation-state actor and not a criminal hacking group.

So far, there have been more than 2,000 attacks in 64 countries. Nuance, biopharma giant Merck and a large Pennsylvania health system have been among the hardest hit in the U.S., while Ukraine has faced the most interruptions. India, Brazil, Denmark and Russia were also targeted.

HIMSS is tracking Petya/NotPetya updates, which include how users can tell if their system has been compromised and how to patch the CVE-2017-0144 vulnerability. Much like the FBI and security experts, HIMSS confirmed that organizations should not pay the ransom and that Petya is a damage/destruction virus.

We will update as more information becomes available.

Twitter: @JessieFDavis
Email the writer: jessica.davis@himssmedia.com

