Malware: Knowledge is power

By Satish Maripuri

The global NotPetya malware incident that affected us and thousands of other organizations worldwide was unprecedented. It was highly sophisticated, spread quickly, and caused harm.

Understandably, it also created a lot of confusion. Some initial media accounts were inaccurate and misconceptions about the incident continue to spread. That kind of uncertainty can create fear.

The key to combating that fear is knowledge. To that end, I’d like to share more about lessons learned from the NotPetya malware incident, to reduce uncertainty and help our clients feel confident in our systems going forward.

We know a lot about the NotPetya malware, including how it spreads and its functionality. We have compared the behaviors we have seen on our internal network with extensive research performed by the security community and the Department of Homeland Security (US-CERT).

Based on our research and the work of independent experts:

  • NotPetya is not ransomware, as was initially reported by the media. NotPetya does not provide a legitimate method for decrypting files in exchange for paying a ransom.
  • Patches alone were not able to stop NotPetya. Unlike some malware, NotPetya does not depend solely on unpatched vulnerabilities to propagate. It can also spread via compromised credentials through two inherent Windows management and administration tools that are active even on fully patched systems.
  • NotPetya does not spread by email, by email attachments or by infecting other files. Research confirms that the malware does not have this capability.

Rest assured that we are putting this knowledge into action. We are enhancing our security against similar future incidents, including hardening the security configurations of endpoints, deploying advanced endpoint prevention and detection software, and enhancing network security measures. In short, we upgraded our network architecture and IT policies as part of the recovery efforts to ensure we emerged from this incident with an enhanced, secure operating environment.

I know that our clients place a great deal of trust in our teams and our solutions, and we are working to earn that confidence every day. We also are committed to continuing to share the hard-won lessons we have learned from this situation.

Because knowledge is power.


Additional links for reference:

  • New Ransomware Variant “Nyetya” Compromises Systems Worldwide
  • The MeDoc Connection
  • NotPetya – Everything you need to know

About Satish Maripuri

Satish Maripuri is the executive vice president and general manager of Nuance Healthcare, where he oversees the growth and success of the Healthcare division using his passion and strong leadership to drive impactful go-to-market strategies, global channels and operational performance that support client success. Satish joined the company in 2012 as the senior vice president and chief operating officer, where he led all aspects of client delivery and operations and grew the division to nearly $1B over four years. Satish has had a distinguished career spanning 30 years at global organizations, including Solera Holdings, Lionbridge, Imprivata, Computervision and Schlumberger Technologies. Satish earned an M.S. in Computer Engineering from Northeastern University and a B.S. in Mechanical Engineering from Andhra University.