Page 35 - Cyber Defense eMagazine - November 2017
HOW TO MAKE NOTPETYA NOT YOUR PROBLEM
4 CRITICAL STEPS ORGANIZATIONS MUST TAKE FOR RANSOMWARE DEFENSE
by Noa Arias, Director of Marketing, Semperis
The NotPetya attack took the world by storm when a compromised update of M.E.Doc financial
software spread the virus across major corporations in Europe, encrypting files and demanding
bitcoins in exchange for file decryption. Upon further investigation, impacted companies learned
there was no way to decrypt infected files and spent days and, in some cases, weeks trying to
repair the damage. The real shocker? The astronomical costs associated with virus-related
downtime. As each impacted organization reported their quarterly results, it became evident that
the total monetary impact of the NotPetya virus was more than a billion dollars.
While NotPetya ransomware authors may have asked for 100 bitcoins (or $250K in regular
currency) in exchange for decrypting victims' files, the actual cost of the attack was
exponentially greater. The virus hit industry giants Maersk, FedEx, Mondelez, Reckitt-Benckiser
and Merck hardest, halting operations and leading to a combined estimated loss of over $1.2B.
In addition to financial losses, both Mondelez and Reckitt-Benckiser said goodbye to a
few C-level executives post-attack.
Preventing Ransomware Attacks
Ransomware attacks on enterprises are escalating both in frequency and complexity. As seen
in the Petya/NotPetya attack, cyberattackers are employing more sophisticated methods of
attack, spreading malware through enterprise software (i.e., accounting software) to
maximize reach and impact. Subsequently, the total average cost of cybercrime is increasing at
a rate of 23% annually, mostly due to information loss and business disruption.
Enterprises that employ identity and access management (IAM) technology are able to save, on
average, roughly $2.4MM in cybercrime costs. Therefore, in order to protect against
ransomware attacks and the associated costs, organizations need to put into place systems and
processes to protect their enterprise identity. This includes:
1. Solid Patch Deployment Processes: NotPetya was able to infect victims through a
Windows SMBv1 vulnerability dubbed “EternalBlue”. Microsoft had released a security
update, MS17-010, to resolve the SMBv1 vulnerability just three months prior to the
Petya attack. Had it been deployed, the update would have prevented the spread of the
virus at the companies that were attacked.
2. Employee Education: According to the Verizon Data Breach Investigations Report, more
than half of all malware attacks are caused by malicious email attachments, so training
employees to recognize and report any suspicious email activity is crucial in preventing
malware attacks.
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.