Yesterday another large malware outbreak hit Windows machines, affecting more than 200,000 computers. The attack started at an accounting system, followed by a second wave via a phishing campaign with malware attachments.
Why is it called Petya?
It was originally called Petya because the code initially appeared to be the same as an older version of the Petya ransomware. However, it was soon decided that it was different, and multiple other names started to come out, so NotPetya was adopted rather than deciding on another name.
This should be inserted into the company's policies, if it is not there already, so that decisions are made.
Patching and Backup
The basics still apply here. A small amount of effort saves a lot of machines.
Not going to be the last
No one should be lost here on what to do, why it happened and what is going on. The quick flood of vendor emails on solutions and products, and the security community jumping in, show how we are getting better at this and used to it.
Let's Beat the Bad Guys
Thankfully we have an awesome security community full of security pros that are there to help and assist with finding solutions, the root cause, a potential stop and brainstorming ideas on fixes.
Red Team Table Top
Going through scenarios live, but as a pretend exercise, will help with future internal incident response crises. Finding gaps in your policies, identifying key players, and talking with each other over a table when stress is low and there is time to think is invaluable.