NotPetya is just the latest of several significant ransomware incidents in the past two months. It has impacted countries and industries around the world, with particular emphasis on Ukraine. Sharing its name with the original “Petya” attack, this variant spread using the EternalBlue vulnerability in Microsoft Windows or through two Windows administrative tools. The malware tries one option and, if it doesn’t work, tries the next one.
If you’ve been infected by NotPetya and you haven’t backed up your data, there is very little possibility of retrieving that data now that the email address used for paying the bitcoin ransom has been taken down. For the clear majority of companies that were unaffected, it is imperative to back up your data, keep your Windows systems up to date and pursue these baseline actions:
- Run SAINT authenticated vulnerability scans of all Windows hosts to identify systems that have not been updated with critical patches, particularly from the March Microsoft Patch Tuesday update cycle.
- Use SAINT’s tutorial information to identify specific Microsoft bulletin references and patch details to remediate against this attack.
- For quick cross-referencing, check out these relevant vulnerabilities: CVE-2017-0143; CVE-2017-0144; CVE-2017-0145; CVE-2017-0146; CVE-2017-0147; CVE-2017-0148.
Unfortunately, this will not be the last ransomware attack we see hit businesses. Nevertheless, there are several steps companies can take right now to better prepare themselves so future occurrences are a blip on the map.
- Re-assess your critical assets across your environment and track them based on the criticality to the business.
- Never view patch management as a low-priority activity. Act on every new patch. Remember, fast and effective response to critical exposures is fundamental to vulnerability and cyber risk management.
- Schedule recurring scans within defined, time-based scanning “windows.” This ensures reassessments and validation are conducted within the context of approved procedures, while identifying new, pre-existing or reintroduced vulnerabilities that need to be addressed.
SAINT’s vulnerability management capabilities span a wide range of the most often deployed and special-purpose technologies to identify operating system and software vulnerabilities and patch deficiencies, Microsoft Patch Tuesday assessments, web application vulnerabilities and risk exposures, the state of anti-virus installations, configuration assessments based on industry-standard best practices and exposure of sensitive content.