Something Worse Than Ransomware: Architecting for a New Breed of Malware that Simply Destroys

Webinar Registration

At least with ransomware, the attacker’s motive is a clear-cut desire for money, and for a modest sum you could usually get a key to decrypt your data. (I’ve never taken a stand on whether you should pay the ransom, and I’ve always thought that, whether you pay or not, the much bigger loss by several factors was the incident-related costs.)

But with Petya.2017, or NotPetya, we open a new chapter: malware as a simply destructive weapon. Basically, a cyber-bomb. There’s been destructive malware in the past, but it was usually associated with some small nihilistic script-kiddie with no particular agenda. NotPetya is apparently the advent of state-sponsored and/or terrorist-sponsored malware. Kaspersky suggested there could be a financial angle to it as currency manipulation.

This is an important development because it’s much, much easier to destroy than it is to encrypt. Ransomware is very “loud” in terms of its I/O and data change activity. There are patterns that security software can and does look for. But if your purpose is simply to wreak havoc on a victim organization or country, you quietly spread your agent to as many systems as possible and then, at a pre-scheduled moment or upon a signal via some social media site, all agents trigger the logic bomb that renders the system inoperable.

In this real training for free webinar we’ll review what NotPetya really does and why it’s NOT ransom.  Then we’ll look at how this ups the ante in terms of how you architect your environment to limit blast radius. 

My sponsor, Skyport, is helping customers recover from NotPetya, and they have learned some important lessons.

If malware is motivated to spread quickly and destroy, you must think about security as an architectural problem.  This means you must think beyond detection and prevention -- and focus on containing the damage.

Limiting blast radius in your environment means you must first isolate and protect the critical systems like DNS, Active Directory, and DHCP. How do you recover your systems of record when the core services of your data center aren’t running? Next, protect and contain the increasing number of cloud-connected applications and shadow IT services that routinely punch through your perimeter.

Please join us for this real training for free event and let’s take an architectural approach to harden against the next attack.


Your information will be shared with the sponsor.
