NotPetya is not some cash-grab ransomware attack. It’s a highly evolved virus that some are speculating is the work of professionals.
There’s a new cyberattack ravaging Microsoft PCs worldwide, and it’s taking no prisoners. NotPetya is not some cash-grab ransomware attack. It’s a highly evolved virus that some are speculating is the work of professionals.
How does NotPetya work?
NotPetya is a mix of different malware tools. It’s similar to Petya (hence the name); uses open-source mimikatz code; and capitalizes on the NSA’s EternalBlue server message block (SMB), which was leaked by WannaCry, and the EternalRomance SMB.
The malware works by infecting PCs, digging up passwords, and spreading through an organization’s network of computers. It then scrambles data, so the user’s files are inaccessible. While NotPetya was demanding a ransom of $300 in Bitcoin to unscramble the data, security professionals say this attack wasn’t designed to make money. The email address that was being used to receive the payments was quickly shut down by the webmail server — something these smart hackers likely knew would happen.
Who is involved?
Investigators are still looking into the attack. Reports say NotPetya was predominantly spread through a hack into a tax software program which is popular in Eastern Europe. Email phishing may have also been involved, though to a much lesser extent.
What can I do?
Thousands of organizations around the world have been affected. Because money was likely not the motivation in this attack, there is little chance of recouping lost bytes with Bitcoins. You can take steps to protect yourself in the future, though
- Always back up your files. This is rule number one of cybersecurity, so that you aren’t left with nothing if your devices get infected. If the victims of the NotPetya cyberattack had backed up their files, they would have been able to carry on with their day.
- Make sure that security updates are patched to every device in your system. As companies produce software to help keep our data and ourselves safe, it’s important to ensure those updates are installed.
- Educate all of your staff on the importance of cybersecurity. We can’t protect everything all of the time, but implementing some standard best practices is a big first step.
As more and more devices in our smart buildings go online, we must develop simple security standards for both IT and OT systems. Our offices, our homes, and everything in between hang in the balance.