On a nice day in June 2017, the NotPetya virus infected hundreds of computers at the shipping giant Maersk, Copenhagen.
The attack cost the company $250 to $300 million to fix; Maersk also paid out millions to reimburse customers for unplanned or alternate shipping costs, and angered truckers.
Employees spent hours, days and weeks trying to rebuild the company’s IT environment and became exhausted from the effort.
The Maersk IT dept. delayed protecting their computers and servers against bad actors and harmful software.
They:
We slather on sunscreen when outside for extended periods of time to protect our skin from the sun.
We lock our house doors to protect ourselves and family from bad people.
Likewise, we should install security tools to protect our IT environment and business data from clever and persistent hackers.
In this article, we examine the protections Maersk delayed implementing and the problems they encountered due to the lack of protection.
Then, we’ll suggest what you can do to protect your business from malware and disaster.
We reviewed this Wired article for information on how Maersk left their IT environment open to cyberthreats:
Greenberg, Andy, 2018, ‘The Untold Story of NotPetya, the Most Devastating Cyberattack in History’, Wired, 22 Aug 2018, accessed August 2023 from Swartz, Ed’s home computer Sun City Center, FL USA.
According to the Wired article, the NotPetya virus spread to almost every computer in Maersk’s IT environment within two hours.
The Wired article quoted Craig Williams, director of outreach at Cisco’s Talos division:
“To date, it [NotPetya] was simply the fastest-propagating piece of malware we’ve ever seen.”
And, “By the second you saw it, your data center was already gone.”
How could you stop a malware attack on all of your computers once it has begun?
According to the Wired article, Maersk hadn’t installed the latest patches/updates on many of their computers, leaving a security vulnerability open.
The NotPetya virus exploited that vulnerability.
The virus was able to harvest usernames and passwords from unpatched systems and use those login credentials to connect to other computers, including patched ones.
Do you have a bunch of computers that need to be updated?
You’d have to spend time and effort running around to each computer, logging in, starting the updates, monitoring them, restarting the computer, and confirming it restarted successfully.
According to the Wired article, Maersk hadn’t upgraded some of their servers that were still running Windows 2000, a version of the operating system Microsoft no longer supported.
Had Maersk upgraded to the current version of Windows (and installed all the then currently available patches) they may have prevented the virus from doing bad things.
What’s delaying you from upgrading any older system you may have to the latest Windows version?
What would it cost you in revenue if that older system was attacked and you weren’t able to work on client projects nor help customers?
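A script that does the per-computer patch and Windows-version check described above from a single console, as an added example that is not from the article or from Maersk; the host names, the 45-day patch threshold and the assumption that remoting is enabled are all made up for the illustration:

```powershell
# Added example, not from the article or Maersk: audit a list of Windows hosts for
# the two gaps the article describes, unsupported OS versions and stale patching.
# Assumes WinRM/CIM remoting is enabled and the caller is an admin on each host.
$Computers = @('FILESRV01', 'DC01', 'LAPTOP-42')   # constructed sample host list
$MaxDaysSinceLastPatch = 45                          # assumed policy threshold, adjust to yours

$Report = foreach ($Computer in $Computers) {
    try {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $Computer -ErrorAction Stop
        $lastFix = Get-HotFix -ComputerName $Computer -ErrorAction Stop |
            Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn -Descending |
            Select-Object -First 1

        # Windows 10/11 and Server 2016 onward report version 10.x; at the time of writing
        # (2023) anything older, including Windows 2000 (version 5.0), is out of support.
        $majorVersion = [int](($os.Version -split '\.')[0])
        $unsupported  = $majorVersion -lt 10

        $daysSince = $null
        if ($lastFix) { $daysSince = (New-TimeSpan -Start $lastFix.InstalledOn -End (Get-Date)).Days }
        # No hotfix history at all counts as stale: nothing proves the host is current.
        $stale = ($null -eq $daysSince) -or ($daysSince -gt $MaxDaysSinceLastPatch)

        [pscustomobject]@{
            Computer       = $Computer
            OS             = $os.Caption
            Version        = $os.Version
            Unsupported    = $unsupported
            DaysSincePatch = $daysSince
            PatchStale     = $stale
            Error          = $null
        }
    } catch {
        # A host that cannot be queried is itself a finding: it may be powered off,
        # firewalled, unmanaged, or too old to speak WinRM at all (Windows 2000 will land here).
        [pscustomobject]@{ Computer = $Computer; OS = $null; Version = $null; Unsupported = $null; DaysSincePatch = $null; PatchStale = $null; Error = $_.Exception.Message }
    }
}

$Report | Format-Table -AutoSize
# Only the hosts that need action go into the findings file for the remediation plan.
$Report | Where-Object { $_.Unsupported -or $_.PatchStale -or $_.Error } |
    Export-Csv -Path '.\patch-audit-findings.csv' -NoTypeInformation
```

Run it from a management workstation on a schedule; any row with Unsupported, PatchStale or Error set is a machine that would have been exposed the way the article describes.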
According to the Wired article, Maersk IT staff, fortunately, backed up all their main servers. At the time of the attack, they purchased new laptops and restored backups to the new laptops. They were able to recover the main operations of the company because of these backups.
However, they had not backed up their domain controller (more techno-buzzwords, sorry) data.
By luck, they were able to recover the domain-controller data from a Maersk office in India.
How much business revenue would you lose if a lesser known computer containing key business data & software is locked by ransomware and you can’t recover the data?
According to the Wired article, when Maersk IT staff rebuilt employees’ laptops, employees discovered that data they had stored locally on their laptops was lost, including notes, contacts, and family photos.
I can only imagine the time and effort those employees spent to recover that lost information.
This shows how important it is to back up entire laptops.
The Wired article didn’t mention whether Maersk was using Microsoft 365 and/or Google Workspace apps to store company data. If Maersk didn’t use those applications, then they didn’t have to worry about NotPetya infecting or locking data stored in those apps.
However, suppose you are using Microsoft 365 and/or Google Workspace to store and share business files with all of your employees.
You may not know this, but if an employee accidentally deletes Microsoft 365 files, or a disgruntled employee deletes them on purpose, Microsoft can’t recover those files for you.
Also, Microsoft doesn’t detect malware or ransomware infecting your Microsoft 365 or Google Workspace data.
Suppose ransomware infected your computers and encrypted (locked) your data. Usually, you pay a ransom to the hackers. That ransom could be from hundreds to tens or hundreds of thousands of dollars. The hackers, upon receiving the payment, send you a key you use to unlock your data.
In Maersk’s case the jumbled data couldn’t be unlocked or unjumbled.
Therefore, it would be futile to pay a ransom.
Suppose a hacker infected your computers with ransomware and demanded payment. You send the money, but the hacker never sends the key to unlock your data.
How do you recover your data?
How would you recover if ransomware locked your business data and demanded payment of tens of thousands of dollars?
How would you work on client projects if your project files were lost due to accidental deletion or a disgruntled employee deleting them?
How would you explain to customers that you didn't protect your business files and you now can't run your business?
We’ll be your remote IT security warriors to protect and defend your business against cyberattacks through these measures:
We’ll run an audit to identify all of the desktops, laptops, and servers in your IT environment.
Then, we’ll create a plan to protect and back up all identified systems.
We’ll remotely monitor your system for alerts, server stability and performance.
We’ll know when something bad is happening and can fix the problem asap.
We’ll ensure your computers and servers have the latest OS security updates and patches.
This will significantly reduce or eliminate malicious software’s ability to do bad things to your computers.
We’ll install the best Anti-Virus (AV) software to detect and prevent malware from entering your computers and doing bad things.
The less bad software enters your IT environment, the less chance of bad things happening to your business data.
We’ll set up a software agent for each employee to back up their Microsoft 365 & Google Workspace data.
Also, we’ll set up a software agent for each employee to detect and prevent malware from getting into your Microsoft 365 & Google Workspace data.
Should ransomware lock your data or a disgruntled employee maliciously delete files, we’ll restore your files in a timely fashion.
We’ll back up the entire operating system and your business data on all of your computers.
Should ransomware or malware infect your computers we can restore a known good working backup.
Then you can resume business operations.
Or, you can spin up a Virtual Machine (VM) and resume working on your business.
We’ll review with you on a quarterly basis the actions we’ve taken to protect your valuable business data.
We’ll report on malware detected by the Anti-Virus software, backup status, and any problems detected by our remote monitoring.
You may be avoiding IT security for your IT environment because you think:
Avoiding protecting your IT environment could leave you open to attack, huge recovery costs, and lost customers and clients.
Hackers could infect your computers with ransomware and demand payment of tens or hundreds of thousands of dollars.
As your IT Security warriors, we’ll put into place the security measures and tools to protect your IT environment and your business from disaster.
The Wired article was excerpted from Andy Greenberg’s book, Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers.