Petya/Petra - Ransomware or wiper?
For all of the discussion over the Petra/Pnetya/Petya ransomware/wiper malware, what is abundantly clear is the requirement to implement more effective cybersecurity controls. It is self-evident that the decisions on which controls to select will depend upon an enterprise's security posture and risk appetite. However, notwithstanding these operational choices, there are some eternal principles that should be applied:
1. Due Diligence. Patch your systems; hackers will then need to steal legitimate credentials (e.g. via phishing emails) or achieve unauthorised access to your critical data/information through the exploitation of a "zero-day" vulnerability.
2. Worst-case scenario. Assume legitimate credentials will be used in an unauthorised manner; analysis of normal legitimate user behaviour should provide early warning.
3. Damage limitation. Implement network segmentation and separation of duties; this supports the principle of least privilege and thus limits potential damage.
4. Knowledge. A comprehensive understanding of your own network, systems and applications, including their operating processes, vulnerabilities and quirks, followed by a prioritised security programme is the best way to defend yourself.
5. Business Continuity/Disaster Recovery. Routinely practise your BC/DR procedures and ensure your business/enterprise can continue to operate.
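
Principle 2 in practice, as an added example that is not part of the original post: build a per-user baseline from normal logons, then flag logons with valid credentials that deviate from it, including one account reaching several unfamiliar hosts within a minute. The log format, user and host names, and the 60-second/3-host thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed logon records: timestamp, user, source host, destination host.
BASELINE_LOG = """\
2017-06-19T08:58:10 alice ws-017 fileserver01
2017-06-19T09:02:44 bob ws-022 erp01
2017-06-20T13:40:02 alice ws-017 mail01
2017-06-21T17:12:20 bob ws-022 fileserver01
"""
NEW_LOG = """\
2017-06-27T02:14:40 alice ws-090 fileserver01
2017-06-27T09:01:15 alice ws-017 fileserver01
2017-06-27T11:31:02 bob ws-022 dc01
2017-06-27T11:31:09 bob ws-022 ws-017
2017-06-27T11:31:15 bob ws-022 mail01
"""

def parse(text):
    """Turn log text into time-ordered (timestamp, user, src, dst) tuples."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    return sorted((datetime.fromisoformat(ts), u, s, d) for ts, u, s, d in rows)

def build_baseline(events):
    """Per user: source hosts, destination hosts and hours seen in normal use."""
    base = defaultdict(lambda: {"src": set(), "dst": set(), "hours": set()})
    for ts, user, src, dst in events:
        base[user]["src"].add(src)
        base[user]["dst"].add(dst)
        base[user]["hours"].add(ts.hour)
    return base

def detect(base, events, window=timedelta(seconds=60), fanout=3):
    """Return (timestamp, user, reasons) for logons that deviate from baseline."""
    alerts, new_dst_times = [], defaultdict(list)
    for ts, user, src, dst in events:
        prof, reasons = base[user], []  # unknown users get an empty profile
        hours = prof["hours"]
        if src not in prof["src"]:
            reasons.append("new source host")
        if not hours or not min(hours) <= ts.hour <= max(hours):
            reasons.append("unusual hour")
        if dst not in prof["dst"]:
            reasons.append("new destination")
            new_dst_times[user].append(ts)
            if sum(ts - t <= window for t in new_dst_times[user]) >= fanout:
                reasons.append("fan-out")  # several unfamiliar hosts in window
        if reasons:
            alerts.append((ts, user, reasons))
    return alerts
```

Calling detect(build_baseline(parse(BASELINE_LOG)), parse(NEW_LOG)) leaves alice's routine 09:01 logon unflagged and reports the other four records.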