Cyber Security Experts: NotPetya isn’t Ransomware – It’s Cyber Warfare

CYBER SECURITY EXPERTS SCREAM: IT’S NOT ABOUT MONEY, IT’S ABOUT INFLUENCE!

What will it take for the world to believe that cyber warfare, like the latest NotPetya Attack, is real and it is HERE NOW?

Will it take your company ceasing operations for the day, as hundreds of companies in at least 64 countries were forced to do?

Will it take your long-awaited surgery being cancelled, as occurred for many patients at Heritage Valley Health Systems in Pittsburgh?

Or will it ultimately take people dying (think power grids, airport operations, nuclear power plants being controlled) before everyone takes notice?

We read the headlines: another ransomware attack has hit– blah, blah, blah. It almost gets annoying hearing about them! Until you really think of the implications above. Yes, this time it mostly affected Ukraine, but someday, it will be YOU AND ME!

So, back to a brief recap in case you are one of the people who skipped the headlines. (Hopefully I’ve scared you just a little bit now so you’ll care to read on)

  • On Tuesday, May 27, 2017, an attack was launched which at first appeared to be a follow up to the WannaCry ransomware attack.
  • Ukraine was the main target (the attack appeared to have been intended to hit the day before a holiday marking the adoption in 1996 of Ukraine’s first Constitution after its break from the Soviet Union) but it quickly spread to other countries, even a few in Russia (which came through fairly unscathed…hmmm)
  • At first, ransomware notices appeared, but researchers soon determined those were probably a smokescreen to hide the fact that this is cyber warfare, not a new version of Petya that spread in 2016. Matt Suiche from Comae Technologies notes:”We believe the ransomware was in fact a lure to control the media narrative, especially after the WannaCry incidents to attract the attention on some mysterious hacker group rather than a national state attacker like we have seen in the past in cases that involved wipers such as Shamoon.”

So it’s cyber warfare, not ransomware—what does that mean?

  • NotPetya is a destructive disk wiper – THEY DON’T CARE ABOUT THE MONEY, BUT ABOUT DESTRUCTION AND DISRUPTION. It is more an instrument of war than of finance.
  • It does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same; you never get a chance to recover your files.
  • It is used for political purposes and for their destructive effects, not for monetary gain.

Could it have been prevented?
YES, YES, YES!

Microsoft released patches related to these known vulnerabilities in MARCH! Obviously, some companies and individuals chose not to deploy these fixes, because they continue to think that they won’t pay the price (or they just aren’t paying attention). Attacks like this prey upon KNOWN VULNERABILITIES that could have and should have been solved last year. A good patch-management protocol would have eliminated the threat from your organization, period.

 

Cyber security experts like myself suggest the following steps to ensure you are as prepared as possible against future attacks:

  • Enforce effective password protection or implement password management software to ease the convenience burden
  • Segment your network so that all areas are not connected all the time. When one area goes down, you haven’t lost your entire computing footprint.
  • Define your critical data and know where it lives (servers, cloud, laptops, databases, mobile devices, workstations, etc.)
  • Apply security patches religiously and regularly according to a well-though out roll-out plan that minimizes downtime
  • Implement multi-factor authentication for employee logins
  • Have commercial-grade backups so that if you have to restore your entire data organization, it can be done quickly and effectively. Test your backup protocol annually to make sure it works when needed.
  • Ensure that you have a firewall between you and the internet (preferably configured to default deny everything but legitimate traffic)
  • Keep anti-virus, 3rd-party spam filters and intrusion detection software up-to-date as well as workplace applications
  • Provide memorable security awareness training regularly for your employees

Listen, I’m telling you now that next time, it will be your data that is locked up, and at that point it will be too late, unless you have taken the steps above (and others) to defend the data that pays your check every week.

John Sileo is an an award-winning author and keynote speaker on the human element of cyber security. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.