The global NotPetya malware incident that affected us and thousands of other organizations worldwide was unprecedented. It was highly sophisticated, spread quickly, and caused harm.
Understandably, it also created a lot of confusion. Some initial media accounts were inaccurate and misconceptions about the incident continue to spread. That kind of uncertainty can create fear.
The key to combating that fear is knowledge. To that end, I’d like to share more about lessons learned from the NotPetya malware incident, to reduce uncertainty and help our clients feel confident in our systems going forward.
We know a lot about the NotPetya malware, including how it spreads and its functionality. We have compared the behaviors we have seen on our internal network with extensive research performed by the security community and the Department of Homeland Security (US-CERT).
Based on our research and the work of independent experts:
- NotPetya is not ransomware, as was initially reported by the media. NotPetya does not provide a legitimate method for decrypting files in exchange for paying a ransom.
- Patches alone were not able to stop NotPetya. Unlike some malware, NotPetya would have continued to propagate even on fully patched systems. The malware can also spread via compromised credentials through two built-in Windows management and administration tools that are active even on fully patched systems.
- NotPetya does not spread by email, by email attachments or by infecting other files. Research confirms that the malware does not have this capability.
Rest assured that we are putting this knowledge into action. We are enhancing our security against similar future incidents, including hardening the security configurations of endpoints, deploying advanced endpoint prevention and detection software, and enhancing network security measures. In short, we upgraded our network architecture and IT policies as part of the recovery efforts to ensure we emerged from this incident with an enhanced, secure operating environment.
I know that our clients place a great deal of trust in our teams and our solutions, and we are working to earn that confidence every day. We also are committed to continuing to share the hard-won lessons we have learned from this situation.
Because knowledge is power.