What is NotPetya and Why Does it Matter?

Craig Pollack | Jun 28, 2017


Here we go again, although this time with a slightly different twist. After careful review, the cyber security community has concluded that with the latest cyber attack, NotPetya, we're not simply dealing with ransomware; we're actually dealing with cyber warfare. Two separate reports, from Comae Technologies and from Kaspersky Lab experts, now confirm this.

Beyond what it shows about how vulnerable even big companies still are, the scary part is that this time the attackers are looking to wreak havoc rather than simply hold your data hostage.

Rather than taking the typical ransomware approach, NotPetya is a destructive disk wiper similar to Shamoon (which more recently has been targeting Saudi Arabia). Note that while Shamoon actually deleted files, NotPetya goes about it slightly differently: it doesn't delete any files but simply makes them unusable by locking the files and then throwing away the key. The end result is the same. The bottom line is that someone is hijacking known ransomware families and using them to attack computer systems.

There are several technical indicators that NotPetya was only made to look like ransomware as a smoke screen:

  1. It never bothers to generate a valid infection ID
  2. The Master File Table gets overwritten and is not recoverable
  3. The author of the original Petya also made it clear NotPetya was not his work

So what does this all mean?

It's just another reminder of the importance of your business having an appropriate security posture that goes above and beyond mere compliance. It means taking real and meaningful steps to secure and protect your systems and data.

What are the practical steps you should be taking?

  1. Implement a solid backup and disaster recovery solution
  2. Implement an ongoing user security awareness training program!
  3. Ensure all endpoints are secure with a managed Anti-virus program
  4. Ensure your network edge is secured with a managed firewall program
  5. Ensure your users are protected with an Internet Threat Protection layer (like Cisco Umbrella)
  6. Control what programs are allowed to run on your firm's computers (i.e., privilege management)

On top of this, here are a couple of other additions that would add a robust layer of protection:

  1. Implement dual-factor authentication for your network
  2. Implement a cyber security intrusion monitoring program


As a reminder - if you're currently an FPA Managed Service client and you're fully on our "FPA Stack", then you've set yourself up for success with a strong foundation.

What do you think? Has this info been helpful? Let us know in the Comment box below or shoot me an email if you’d like to chat about this in more detail.


Author

Craig Pollack


Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 25 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best secure and leverage their technology to achieve their business objectives.
