
Lessons Learned from the NotPetya Virus Attack

Ed Swartz • August 17, 2023

Key Lesson: Prevention is Better Than Doing Nothing

The Virus Infection

On a nice day in June 2017, the NotPetya virus infected hundreds of computers at the shipping giant Maersk, Copenhagen.

The attack cost the company $250 to $300 million to fix; Maersk also paid out millions to reimburse customers for unplanned or alternate shipping costs, and angered truckers.

Employees spent hours, days and weeks trying to rebuild the company’s IT environment and became exhausted from the effort.


The Maersk IT dept. delayed protecting their computers and servers against bad actors and harmful software.

They:

  • Did not install the latest updates/patches.
  • Did not upgrade to newer operating systems.
  • Did not backup all data.

Preparation & Protection

We slather on sunscreen when outside for extended periods of time to protect our skin from the sun.


We lock our house doors to protect ourselves and family from bad people.


Likewise, we should install security tools to protect our IT environment and business data from clever and persistent hackers.

 

In this article, we examine the protections Maersk delayed implementing and the problems they encountered due to the lack of protection.


Then, we’ll suggest what you can do to protect your business from malware and disaster.


We reviewed this Wired article for information on how Maersk left their IT environment open to cyberthreats:


Greenberg, Andy, ‘The Untold Story of NotPetya, the Most Devastating Cyberattack in History’, Wired, 22 Aug 2018, accessed August 2023 by Ed Swartz from his home computer in Sun City Center, FL, USA.

Malware Can Spread Quickly

According to the Wired article, the NotPetya virus spread to almost every computer in Maersk’s IT environment within two hours.


The Wired article quoted Craig Williams, director of outreach at Cisco’s Talos division:


“To date, it [NotPetya] was simply the fastest-propagating piece of malware we’ve ever seen.”


And, “By the second you saw it, your data center was already gone.”


How could you stop a malware attack on all of your computers once it has begun?

Latest Patches Not Installed

According to the Wired article, Maersk hadn’t installed the latest patches/updates on many of their computers, leaving a security vulnerability open.


The NotPetya virus exploited that vulnerability.


The virus was able to obtain usernames and passwords from unpatched systems and then connect to other, already patched computers using those login credentials.


Do you have a bunch of computers that need to be updated?


You’d have to spend time and effort running around to each computer, logging in, starting the updates, monitoring them, restarting the computers, and confirming they restarted successfully.

Running Older Operating Systems

According to the Wired article, Maersk hadn’t upgraded some of its servers still running Windows 2000, a version of the operating system Microsoft no longer supported.


Had Maersk upgraded to the current version of Windows (and installed all the patches available at the time), they might have prevented the virus from doing bad things.


What’s delaying you from upgrading any older system you may have to the latest Windows version?


What would it cost you in revenue if that older system was attacked and you weren’t able to work on client projects nor help customers?

Not All Data Backed Up

According to the Wired article, Maersk IT staff, fortunately, backed up all their main servers. At the time of the attack, they purchased new laptops and restored backups to the new laptops. They were able to recover the main operations of the company because of these backups.


However, they had not backed up their domain controller (more techno-buzzwords, sorry) data.


By luck, they were able to recover the domain-controller data from a Maersk Indian office.


How much business revenue would you lose if a lesser-known computer containing key business data & software were locked by ransomware and you couldn’t recover the data?

Local Data Lost

According to the Wired article, when Maersk IT staff rebuilt employees’ laptops, employees discovered that data they had stored locally on their laptops was lost, including notes, contacts, and family photos.

I can only imagine the time and effort those employees spent to recover that lost information.


This shows how important it is to back up entire laptops.

Vulnerable Microsoft 365 & Google Workspace Data

The Wired article didn’t mention whether Maersk was using Microsoft 365 and/or Google Workspace apps to store company data. If Maersk didn’t use those applications, then they didn’t have to worry about NotPetya infecting or locking data stored in those apps.


However, suppose you are using Microsoft 365 and/or Google Workspace to store and share business files with all of your employees.


You may not know this, but if an employee accidentally deletes Microsoft 365 files, or a disgruntled employee deletes them deliberately, Microsoft can’t recover those files for you.


Also, Microsoft doesn’t detect or stop malware or ransomware from infecting your Microsoft 365 or Google Workspace data.

Can’t Recover Data

Suppose ransomware infected your computers and encrypted (locked) your data. Usually, you pay a ransom to the hackers. That ransom could range from hundreds of dollars to tens or hundreds of thousands of dollars. The hackers, upon receiving the payment, send you a key you use to unlock your data.


In Maersk’s case the jumbled data couldn’t be unlocked or unjumbled.


Therefore, it would be futile to pay a ransom.

Suppose a hacker infected your computers with ransomware and demanded payment. You send the money, but the hacker never sends the key to unlock your data.

How do you recover your data?

Costs and Disaster

How would you recover if ransomware locked your business data and demanded payment of tens of thousands of dollars?


How would you work on client projects if your project files were lost due to accidental deletion or a disgruntled employee deleting them?


How would you explain to customers that you didn't protect your business files and you now can't run your business?

IT Security Warriors

We’ll be your remote IT security warriors to protect and defend your business against cyberattacks through these measures:

Audit Your IT Environment

We’ll run an audit to identify all of the desktops, laptops, and servers in your IT environment.


Then, we’ll create a plan to protect and backup all identified systems.

Remote Monitor

We’ll remotely monitor your systems for alerts, server stability, and performance.


We’ll know when something bad is happening and can fix the problem ASAP.

Install Latest OS Updates & Patches

We’ll ensure your computers and servers have the latest OS security updates and patches.


This will significantly reduce or eliminate the ability of malicious software to do bad things to your computers.

Install Anti-Virus Software

We’ll install the best Anti-Virus (AV) software to detect and prevent malware from entering your computers and doing bad things.


The less bad software enters your IT environment, the less chance of bad things happening to your business data.

Backup Microsoft 365 & Google Workspace Data

We’ll set up a software agent for each employee to back up their Microsoft 365 & Google Workspace data.

Also, we’ll set up a software agent for each employee to detect and prevent malware from getting into your Microsoft 365 & Google Workspace data.


Should ransomware lock your data or a disgruntled employee maliciously delete files, we’ll restore your files in a timely fashion.

Backup Business Data

We’ll back up the entire operating system and your business data on all of your computers.


Should ransomware or malware infect your computers, we can restore a known good working backup.

Then you can resume business operations.


Or, you can spin up a Virtual Machine (VM) and resume working on your business.

Quarterly Review

We’ll review with you on a quarterly basis the actions we’ve taken to protect your valuable business data.

We’ll report on malware detected by the Anti-Virus software, backup status, and any problems detected by our remote monitoring.

Summary: Avoidance – Not a Good Thing

You may be avoiding IT security for your IT environment because you think:

  • IT security is boring.
  • Bad things happen to someone else.
  • I’m a small fish. Who’s going to bother me?
  • I’m busy.
  • Our Microsoft 365 and Google Workspace files are protected.
  • IT staff is costly.


Avoiding protecting your IT environment could leave you open to vulnerabilities, huge recovery costs, and lost customers and clients.


Hackers could infect your computers with ransomware and demand payment of tens or hundreds of thousands of dollars.


As your IT Security warriors, we’ll put into place the security measures and tools to protect your IT environment and your business from disaster.

Further Reading

The Wired article was excerpted from Andy Greenberg’s book, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers.

