Nmedia - Fotolia
In this week's Risk & Repeat podcast, SearchSecurity editors discuss the NotPetya ransomware, its impact and the growing trend of sophisticated ransomware attacks.
The WannaCry and NotPetya attacks have shown an increased sophistication for ransomware, and enterprises may not be ready for it.
The NotPetya ransomware attacks last week followed the recent WannaCry worm, which infected hundreds of thousands of systems worldwide, and leveraged the same EternalBlue exploit as that attack.
While some mitigation techniques were discovered for NotPetya, this latest global ransomware attack showed increased sophistication compared to previous ransomware strains.
For example, along with using NSA exploits released by the Shadow Brokers, NotPetya leverages legitimate software tools such, as PsExec and Windows Management Instrumentation Command-line, to move laterally within a network and infect systems that may have already been patched for EternalBlue. The new ransomware also uses a version of the open source tool Mimikatz to steal administrator credentials from system memory.
Who's behind the NotPetya attacks? Are the threat actors trying to earn money, or is the ransomware simply a wiper in disguise? Are enterprise security teams ready for this wave of sophisticated ransomware? In this episode of the Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss those questions and more on the topic of the NotPetya attacks.
Risk & Repeat: RNC voter database exposed on Amazon Simple Storage Server bucket
Risk & Repeat: Symantec certificate issuance under fire again
Risk & Repeat: James Comey warns of more Russian hacking