Here we go again, although this time with a slightly different twist. After careful review, the cyber security community has concluded that the latest cyber attack, NotPetya, is not simply ransomware: we're actually dealing with cyber warfare. Two separate reports from Comae Technologies and Kaspersky Lab experts now confirm this.
Beyond what it shows about how vulnerable even big companies still are, the scary part is that this time the attackers are looking to wreak havoc rather than simply hold your data hostage.
Rather than taking the typical ransomware approach, NotPetya is a destructive disk wiper similar to Shamoon (which more recently has been targeting Saudi Arabia). Note that while Shamoon actually deleted files, NotPetya goes about it slightly differently. It doesn't delete any files but simply makes them unusable by locking the files and then throwing away the key. The end result is the same. The bottom line: someone is hijacking known ransomware families and using them to attack computer systems.
There are several technical indicators that NotPetya was only made to look like ransomware as a smoke screen:
- It never bothers to generate a valid infection ID
- The Master File Table gets overwritten and is not recoverable
- The author of the original Petya also made it clear NotPetya was not his work
So what does this all mean?
It's just another reminder of how important it is for your business to have an appropriate security posture, above and beyond what you do just for compliance's sake. It means taking real and meaningful steps to secure and protect your systems and data.
What practical steps should you be taking?
- Implement a solid backup and disaster recovery solution
- Implement an ongoing user security awareness training program!
- Ensure all endpoints are secure with a managed antivirus program
- Ensure your network edge is secured with a managed firewall program
- Ensure your users are protected with an Internet Threat Protection layer (like Cisco Umbrella)
- Control what programs are allowed to run on your firm's computers (i.e., privilege management)
On top of this, here are a couple of other additions that would provide a robust layer of protection:
- Implement dual-factor authentication for your network
- Implement a cyber security intrusion monitoring program
For additional details, check out some of our recent blog posts:
- Hands Down the Best Cyber Security Investment
- The Cliff Notes of ESET's Small Business Cybersecurity Survival Guide and Datto's Ransomware Report
- 8 Ways to Protect Your Network Against Ransomware
- The Cliff Notes of Verizon's 2017 Data Breach Report
As a reminder, if you're currently an FPA Managed Service client and you're fully on our "FPA Stack", then you've set yourself up for success with a strong foundation.
What do you think? Has this info been helpful? Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.