The NotPetya cyber-attack left every IT professional dumbstruck! Too many organizations were affected, and there was no way to recover from the data or financial loss. A few reports claim that this was the work of the Russian government, while others deny it. This attack surely gave rise to a very chaotic situation, but it was not considered cyber warfare! Why? What is this NotPetya ransomware? Why was it able to cause large-scale destruction? Read the blog till the end and you’ll get all the answers!
What Is NotPetya?
NotPetya belongs to the Petya family of ransomware, which encrypts files and folders on the attacked system. It was discovered in 2016 and extorted a lot of people. As people were unaware of the attack, when asked for the ransom amount, they paid it and became victims of a huge scam! For those who do not know how ransomware attacks work, the attackers encrypt all the files on the system under attack. They then ask for a ransom in the form of cryptocurrency to decrypt the files. However, there is no assurance of getting the files back!
This ransomware basically attacks Microsoft Windows systems: it infects the master boot record and executes a payload. The payload encrypts files on the system's hard drive and prevents the system from booting up. Only a warning screen is shown, which states that the system files are being encrypted.
Why does the name resemble Petya so much?
Both Petya and NotPetya are ransomware that affected thousands of systems in 2016 and 2017. Both also ask for a ransom to decrypt the files. However, each is destructive and dangerous in its own way. Petya is just a standard ransomware that demands Bitcoin to decrypt files. NotPetya, on the other hand, is well equipped with efficient tools that help it spread swiftly and infect more computers.
Why Is The Name NotPetya Brought Up Each Time Cyberwar Is Mentioned?
Andy Greenberg, author of the book “Sandworm,” is someone who is continually trying to guide people about cyberwars. He tagged NotPetya as a Russian cyber weapon. He claims that it was built to disguise itself as criminal ransomware. This was efficient in identifying and destroying keys or systems that were associated with the Ukrainian network.
Ukraine suffered a lot because of this, but this ransomware had a disturbing bug. It was designed to adversely affect only the systems associated with Ukraine, but instead it affected the tech giants of the world. As this attack came from overseas, it was first looked upon as a cyber war. However, those claims were soon dropped. But why?
What Made Experts Deny The Fact That NotPetya Was An Act Of Cyberwar?
Security experts say that the NotPetya cyber-attack was certainly disastrous, but it doesn’t qualify for the tag of cyber war. Why? Because the impacts were only economic and fell only on civilian infrastructure. Also, the attacker's goal was nowhere near “coercion or conquest.” The NotPetya cyber-attack was not an act of war, and the military did not get any benefit from it. The victims included logistics and pharmaceutical companies, which were civilian and had no connection with the military. Furthermore, this attack was not backed by the military. There are rumors, but no solid evidence can be provided for them.
This clarifies that the attack cannot be called a cyber war under the existing rules of cyber warfare.
What Did This Attack Teach Security Experts Across The Globe?
The NotPetya cyber-attack taught cybersecurity experts several crucial lessons. A few of them are listed below. Read further to know about them!
Cyber Resiliency Is The Task Of The Entire Team
If we take a look at the list of top-ten risks, cyber threats top it. Various businesses are continually spending hefty amounts on their front-end security. However, the security of an organization cannot be left in the hands of one team alone! It is a responsibility that needs to be shared equally by all employees.
Specific Disaster Recovery Vulnerabilities Should Be Addressed
Cold-site disaster recovery is outdated, and DR sites are now connected through the WAN. The data is therefore being replicated, which makes modern-day DR vulnerable. DR solutions are also poorly designed. Simply put, they are designed without considering that a cyber-attack can occur at any time. Therefore, all DR vulnerabilities should be addressed, no matter what.
Know About The Scale Of Challenges
Checking the DR capabilities of a single data center is not enough. Unlike mechanical attacks, cyber-attacks can spread swiftly and hit any number of devices. Recovering from the resulting loss may take days, so while checking DR capabilities, make sure to find the scale of the threats and try to patch them as soon as possible.
Look Out For Shadow IT, Supply Chain And Operational Technology
The NotPetya ransomware attacked via the DevOps environment, which was quite shocking. The Internet of Things is certainly connecting every gadget and collecting its data, but don’t you feel it is making us vulnerable as well? So, look for every possible gateway that might lead malware to your system.
If you are thinking there is a way to get past this destructive attack, then you are certainly mistaken. There are as yet no proven methods that can save us from any type of ransomware attack. No matter how efficient our network is, we are still vulnerable. The barbaric actions of the NotPetya cyber-attack are still not patched completely. Also, the experts have predicted that this ransomware could flare up in different parts of the world or recur in a larger, more destructive form. Yes, we cannot get ultimate protection, but that does not mean we should forget the basic rules.
One should always use strong and unique passwords, not click on fishy attachments, stay wise, and adopt every measure possible, because this family of ransomware is here to stay! What do you think?