Late last month, whilst we were basking in some early summer sun, networks around the world were busy attempting to fend off the latest ransomware outbreak to target Microsoft Windows PCs. The malware, dubbed Petya 2.0 or NotPetya because of the way it appeared to masquerade as a variant of the known Petya ransomware, took out businesses throughout the globe. Early victims included advertising conglomerate WPP, shipping goliath Maersk and the radiation monitoring systems at Chernobyl. Once inside a corporate network, this well-oiled destructive program wormed its way from computer to computer, trashing the infected machines' file systems.
NotPetya is understood to have got into corporate networks through a hijacked software update for a Ukrainian tax accounting package: because the trojanised update came from a trusted, legitimate source, it was installed like any other update. After infection, NotPetya encrypted files on the disk and set a scheduled task that forced the PC to reboot with the shutdown.exe tool a short while later. Upon restarting, it flashed up a screen that looked like CHKDSK. However, instead of checking the hard drive for faults, the malware was busy encrypting the NTFS Master File Table, the index the file system needs to locate every file. Once that finished, it displayed a ransom note demanding $300 in Bitcoin and asking victims to email proof of payment to a single address, which the email provider shut down on the first day of the outbreak.
Many felt that NotPetya had the hallmarks of a state-sponsored attack. This was because, despite the slick programming behind the fast-spreading malware, little effort was put into pocketing the loot: a single email address was the only payment channel, and the "installation key" shown to victims was random data, so decryption was never going to be possible even for those who paid. With the payment mechanism disintegrating so quickly, it appears likely that NotPetya was designed not to line the pockets of criminals, as WannaCry had a few weeks previously, but to cause maximum disruption.
As is so often the case with online attacks, we may never know the truth behind the source of the infection. But Interpol and police forces in at least three countries are investigating the source and motivations behind the attack.
One thing is for sure: NotPetya was yet another reminder of the importance of ensuring all your systems are fully patched and up to date. It spread inside networks in two ways. The first was the SMB vulnerability fixed by MS17-010 (the EternalBlue and EternalRomance exploits, the same hole WannaCry used), which only bites unpatched machines. The second was harvesting admin credentials from the memory of each infected machine and using them with PsExec and WMIC to run itself on other hosts; that route works even against fully patched machines if an administrator has logged on to the infected one. This is why NotPetya also highlighted the best practice of not allowing admins carte blanche over the network and tightly limiting who holds domain admin rights. This credential-driven style of lateral movement is becoming increasingly common, especially in this era of the all-connected Internet of Things (IoT), where ever more devices sit on the same network.
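The two behaviours described above, the scheduled forced reboot through shutdown.exe and one admin account being used to start processes on many hosts, both leave traces in process-creation telemetry (Sysmon Event ID 1 or Windows Security event 4688). The following Python is an added example for this article, not code from SysGroup or WatchGuard. The sample records are constructed, and the command-line patterns (a schtasks task wrapping shutdown.exe /r /f, WMIC "process call create" with /node: and /user:, and PsExec against a remote host) are assumptions drawn from public write-ups of NotPetya; the fan-out threshold is a tunable assumption, not a published figure.

```python
"""Hunt for NotPetya-style forced reboots and admin-credential fan-out in
process-creation records.

Added example, not from the original article. Records are constructed samples
in a simplified Sysmon Event ID 1 / Windows 4688 shape, and the command-line
patterns are assumptions based on public analyses of NotPetya.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class ProcEvent:
    host: str      # machine on which the process started
    user: str      # account that launched it, as logged
    cmdline: str   # full command line, as logged


# Rule 1: the forced reboot. NotPetya scheduled shutdown.exe /r /f through a
# task rather than calling it directly, so match the task creation itself.
RE_SHUTDOWN_TASK = re.compile(
    r"schtasks(?:\.exe)?\s+/create\b.*\bshutdown(?:\.exe)?\s+/r\s+/f",
    re.IGNORECASE)

# Rule 2: remote process creation via WMIC or PsExec. The target host is
# captured so fan-out can be measured per account.
RE_WMIC_REMOTE = re.compile(
    r'wmic(?:\.exe)?\s+.*?/node:"?([^\s"]+)"?.*\bprocess\s+call\s+create\b',
    re.IGNORECASE)
RE_PSEXEC = re.compile(r"psexec(?:64)?(?:\.exe)?\s+\\\\([^\s]+)", re.IGNORECASE)

# Account passed explicitly on the command line (/user: for WMIC, -u for PsExec).
RE_EXPLICIT_USER = re.compile(r'(?:/user:|-u\s+)"?([^\s"]+)"?', re.IGNORECASE)

# Constructed sample telemetry: two benign lines and five that mimic the
# behaviour described in the article. Not real data.
SAMPLE_EVENTS = [
    ProcEvent("WS01", r"CORP\alice",
              r"C:\Windows\System32\notepad.exe C:\Users\alice\notes.txt"),
    ProcEvent("WS01", r"CORP\alice",
              r'schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 14:35'),
    ProcEvent("WS01", r"CORP\alice",
              r'wmic /node:"10.0.0.12" /user:"CORP\svc_admin" /password:"REDACTED" process call create "cmd.exe /c whoami"'),
    ProcEvent("WS01", r"CORP\alice",
              r'wmic /node:"10.0.0.13" /user:"CORP\svc_admin" /password:"REDACTED" process call create "cmd.exe /c whoami"'),
    ProcEvent("WS01", r"CORP\alice",
              r"psexec \\10.0.0.14 -u CORP\svc_admin -p REDACTED -s -d cmd.exe /c whoami"),
    ProcEvent("SRV02", r"CORP\bob",
              r"C:\Windows\System32\schtasks.exe /Query /TN Backup"),
    ProcEvent("SRV02", r"CORP\bob",
              r'wmic /node:"SRV03" process call create "cmd.exe /c ipconfig"'),
]


def detect(events, fanout_threshold=3):
    """Return a list of (host, rule, detail) findings.

    fanout_threshold is how many distinct hosts one account may reach through
    remote execution before it is flagged; tune it per environment (an
    assumed default, not a published number).
    """
    findings = []
    targets_by_account = defaultdict(set)

    for ev in events:
        if RE_SHUTDOWN_TASK.search(ev.cmdline):
            findings.append((ev.host, "forced_reboot_task", ev.cmdline))

        match = RE_WMIC_REMOTE.search(ev.cmdline) or RE_PSEXEC.search(ev.cmdline)
        if match:
            target = match.group(1)
            explicit = RE_EXPLICIT_USER.search(ev.cmdline)
            account = explicit.group(1) if explicit else ev.user
            findings.append((ev.host, "remote_execution", f"{account} -> {target}"))
            targets_by_account[account].add(target)

    # A single credential fanning out across many hosts is the signature of
    # a harvested (often domain admin) account being replayed by a worm.
    for account, targets in targets_by_account.items():
        if len(targets) >= fanout_threshold:
            findings.append(("*", "admin_credential_fanout",
                             f"{account} reached {len(targets)} hosts: {sorted(targets)}"))
    return findings


if __name__ == "__main__":
    for host, rule, detail in detect(SAMPLE_EVENTS):
        print(f"{host:6} {rule:24} {detail}")
```

Run against the constructed sample, the scheduled shutdown on WS01 is flagged once, each WMIC and PsExec launch is reported as remote execution, and CORP\svc_admin trips the fan-out rule because it was used to reach three different hosts, whereas bob's single WMIC call to SRV03 does not. In production the records would come from your SIEM rather than the inline list, and the fan-out window would be bounded in time.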
Ransomware is unfortunately now a constant threat to companies of all shapes and sizes. A recent WatchGuard survey highlighted that over a third (38%) of malware now gets past legacy AV. This means that a layered approach to security, with services such as IPS, sandboxing, and detection and response, is critical. WatchGuard Total Security Suite, available with all Firebox appliances, provides strong defences against advanced malware and ransomware.
For more information on WatchGuard Total Security Suite call: 0333 101 9000 – Option 1 / email: email@example.com