Heroic Notpetya Recovery And The Case For Prevention Over Cures

‘Heroic’ NotPetya Recovery and the Case for Prevention Over Cures

Arraya Insights | February 6, 2018

New details have emerged concerning one company’s efforts to recover from last summer’s NotPetya attacks and they definitely call to mind that old cliché about an ounce of prevention equaling a pound of cure. Maersk, the world’s largest shipping company, was one of many organizations that fell victim to the outbreak, which initially appeared to be ransomware, but was soon discovered to be far worse. Rather than hold data hostage, NotPetya destroyed it regardless of whether victims agreed to pay up. Faced with a decimated technology environment and the prospect of roughly one-fifth of the world’s shipping containers sitting in limbo, Maersk’s IT team went to work, launching a recovery effort that has been dubbed “heroic” – and that may have also been entirely avoidable.

While speaking as part of a cyber security panel in Davos, Switzerland, Jim Hagemann Snabe, Maersk’s Chairman, admitted his company essentially needed to reinstall an “entire infrastructure” in the aftermath of NotPeya. For Maersk, this meant something like 4,000 servers, 45,000 PCs, and 2,500 applications – or about six months’ worth of work for IT. Instead, Maersk’s IT initiated an almost superhuman response, rebooting its entire environment in just ten days.

As IT was undoubtedly burning the candle at every possible end, the rest of Maersk’s team fell back on manual methods to keep the company’s shipments moving and minimize the impact of the attack on the firm’s customers. All told, Maersk estimates it was able to cover about 80% of its shipping volume during the time spent recovering its infrastructure.

These efforts, from both IT and the operational staff, are certainly commendable; a testament to the organization’s ability to absorb what could have been a devastating blow. They were also a monumental undertaking that few organizations beyond a global giant such as Maersk could have mustered. Furthermore, it’s worth noting that the team’s recovery heroics would not have even been necessary had NotPetya been kept at bay in the first place.

An ounce of prevention, a pound of cure

Ultimately, the NotPetya-inflicted hardships that befell Maersk and others should never have come to pass. Back in June, as NotPetya was laying waste to IT infrastructures, Tom Clerici, Arraya’s Cyber Security Practice Director said of the malware: “Just like WannaCry, if all your systems are patched, you’re protected. It’s really that simple.” Of course, when IT’s to-do list begins to overflow, basic duties like patching are often one of the first things set aside. This leaves the door open for cyber criminals and the inevitable pound of cure their activities summon.

Organizations can simply no longer afford to treat patching and basic security hygiene as an afterthought. This rings even more true in light of another piece of NotPetya news that came out last month. The CIA has pinned blame for NotPetya on hackers linked to the Russian military, believing it to be another battle in the ongoing conflict between Russia and the Ukraine. With hackers now serving as the foot soldiers of geopolitical digital warfare, the risk is simply too great for businesses to do anything less than everything possible to keep from getting swept up in the fight.

Is your organization struggling to stay up to date with patching and other Security 101 tasks? Arraya’s Managed Security Services can help. As part of these services, Arraya’s personnel function as an extension of onsite IT, providing 24/7/365 network monitoring and alerts, valuable employee training, and additional bandwidth capable of ensuring an organization’s IT infrastructure is patched and ready for what today’s cyber criminals have in store. Arraya’s Managed Security Services can ensure organizations never have to choose between the basic security hygiene businesses need and the innovations they rely on for a competitive edge.

Learn more about Arraya Managed Security Services by visiting us at https://www.arrayasolutions.com/contact-us/. Also, feel free to leave any questions or comments you have regarding this or any of our blogs on our social media pages: LinkedIn, Twitter, and Facebook. While you’re there, follow us to stay in the loop with our latest industry insights, unique learning opportunities, and company news.