Not Petya or Ransomware
The media was certainly quick to flame the story that the 'NotPetya' ransomware was sweeping the globe in pandemic proportions.
To put things in perspective, this ransomware affected an order of magnitude fewer computers than WannaCry, and it exploits the same Windows vulnerability that we have known of for months. Furthermore, if you have upgraded or patched your system or are using any antivirus software, then you are not likely to be affected.
There are a few interesting characteristics of the malware:
- It is more damaging than WannaCry (if you are infected) because it propagates better and has no obvious global kill switch (although there appears to be a pause button);
- The ransom component is broken by design. There is no means of making payment or getting your computer unlocked. This has led analysts to conclude that ransom was never the intent. Rather, this was meant as a disruptive attack disguised as ransomware. Once a victim's computer is encrypted, the only solution is to reformat and start from clean backups.
- Patient zero was the Ukrainian financial community - fueling speculation that this was a state-sponsored targeted attack by Russia. If so, it was poorly thought out, because the infection quickly spread to Russia and across the Internet with no coherent targeting agenda.
The lessons relearned from this outbreak are:
- Upgrade, Patch, Antivirus/Malware, Backup;
- The contagion vector for malware or any toxic content, including alt-news, propagates along the critical interdependencies organizations/people have with one another. Defenders need to measure these interdependencies to fully appreciate their attack surface, risk conductance and the most likely threat vectors. Attackers need to calculate interdependencies so their attacks don't get away from them or blow back in their faces.