Blog

Ransomware

Darktrace’s perspective on the NotPetya attack

Darktrace’s perspective on the NotPetya attackDefault blog imageDefault blog image
29
Jun 2017
29
Jun 2017

The ‘ransomware’ attack sweeping the globe is yet another demonstration of the decreasing usefulness of the traditional cyber defense approaches. Businesses cannot rely on patching vulnerabilities fast enough, and a NotPetya patch would only protect you against yesterday’s attack but will not be able to stop tomorrow’s.

An interesting difference to last month’s WannaCry attack is that it could spread from victim to new victim directly over the internet. Whilst this one can also spread quickly within organizations, Petya (or NotPetya) has not spread across the internet. The good news is that if you haven’t been affected yet, it is unlikely you will be.

At first glance, this might look like conventional ransomware, but it has emerged that the system for paying the criminals and decrypting data doesn’t work. This means that regardless of whether monetization was the original motive or not, it will feel like sabotage from the victims’ perspective.

Questions regarding whether the attack was a targeted one or not are in this case legitimate, as the initial deployment was via poisoning legitimate accountancy software heavily used in Ukraine and Ukrainian city websites. A majority of businesses affected would have been operating in the Ukraine area, or connected to them via their supply chain.

How many more warnings do we need that relying on stopping attacks seen in the past just isn’t enough? The latest advances in AI mean that autonomous technology can now detect and fight back against any in-progress threats within a company network, buying the security teams time to investigate.

In our tests, Darktrace has confirmed the ability to autonomously respond to NotPetya, neutralizing the threat in seconds. Enterprise Immune System technology works because it doesn’t rely on rules or signatures. It takes defensive action before humans have time to react, and is the only realistic way that security teams will scale to the increased speed and diversity of future attacks.

Like this and want more?

Receive the latest blog in your inbox
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
INSIDE THE SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
AUTHOR
ABOUT ThE AUTHOR
Dave Palmer
Advisor
USE CASES
No items found.
PRODUCT SPOTLIGHT
No items found.
COre coverage
No items found.
This Article
Darktrace’s perspective on the NotPetya attack
Share
Twitter logoLinkedIn logo

Related Articles

No items found.

Good news for your business.
Bad news for the bad guys.

Start your free trial

Start your free trial

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Get a demo

Flexible delivery
You can either install it virtually or with hardware.
Fast install
Just 1 hour to set up – and even less for an email security trial.
Choose your journey
Try out Self-Learning AI wherever you most need it — including cloud, network or email.
No commitment
Full access to the Darktrace Threat Visualizer and three bespoke Threat Reports, with no obligation to purchase.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.