The third anniversary of the NotPetya ransomware attack has just passed. This was one of the most devastating cyber attacks recorded (as Digital Journal reported). It is thought that the total damages of the attack were in excess of $10 billion.
On Saturday, 27 June 2020, the infamous ransomware NotPetya turned three. On this day in 2017, more than 80 companies were initially attacked, including the National Bank of Ukraine, as Wired reports.
According to David Grout, CTO EMEA at FireEye, there remain lessons to be learned from the incident. With this in mind, Grout considers the steps that can be taken to prevent similar attacks in the future. This includes discovering and patching vulnerabilities before threat actors have an opportunity to exploit them.
Grout begins by casting an eye backwards: “This campaign impacted organisations in 65 countries”, noting that “in particular Ukraine was the primary target.” This signalled a Russian origin in the form of the Sandworm group (who allegedly are state backed).
Noting the seriousness of the attack, Grout explains how the hacker group added a ransomware component. The legacy was for “NotPetya to change the world’s perception of ransomware and the potentially devastating impact it can have on businesses.”
Grout then turns his attention to the legacy: “The NotPetya attack set a new precedent: it showed the Sandworm group’s acceptance of wider collateral damage beyond the immediate Ukrainian targets, as the malware spread globally.”
In terms of key learning points, Grout recommends: “NotPetya highlighted the need for resiliency, backup and preparation, as well as the importance of being able to track and identify the perpetrators and understand their motives.”
Grout further advises that “if a discovered vulnerability can be exploited, it is highly likely that threat groups will use it, and continue to do so until it is fixed, inflicting untold damage.” This means that businesses need to understand their own systems and to run security audits.
Importantly, Grout concludes: “The NotPetya attack could have been mitigated by ensuring these updates to software were regularly conducted.”