Darktrace’s perspective on the NotPetya attack
The ‘ransomware’ attack sweeping the globe is yet another demonstration of the decreasing usefulness of the traditional cyber defense approaches. Businesses cannot rely on patching vulnerabilities fast enough, and a NotPetya patch would only protect you against yesterday’s attack but will not be able to stop tomorrow’s.
An interesting difference to last month’s WannaCry attack is that it could spread from victim to new victim directly over the internet. Whilst this one can also spread quickly within organizations, Petya (or NotPetya) has not spread across the internet. The good news is that if you haven’t been affected yet, it is unlikely you will be.
At first glance, this might look like conventional ransomware, but it has emerged that the system for paying the criminals and decrypting data doesn’t work. This means that regardless of whether monetization was the original motive or not, it will feel like sabotage from the victims’ perspective.
Questions regarding whether the attack was a targeted one or not are in this case legitimate, as the initial deployment was via poisoning legitimate accountancy software heavily used in Ukraine and Ukrainian city websites. A majority of businesses affected would have been operating in the Ukraine area, or connected to them via their supply chain.
How many more warnings do we need that relying on stopping attacks seen in the past just isn’t enough? The latest advances in AI mean that autonomous technology can now detect and fight back against any in-progress threats within a company network, buying the security teams time to investigate.
In our tests, Darktrace has confirmed the ability to autonomously respond to NotPetya, neutralizing the threat in seconds. Enterprise Immune System technology works because it doesn’t rely on rules or signatures. It takes defensive action before humans have time to react, and is the only realistic way that security teams will scale to the increased speed and diversity of future attacks.