NotPetya holds the crown as one of the most destructive cyberattacks in history, causing over $10 billion in damages in 2017 alone. It spread around the globe and infected thousands of machines in less than three hours.
What set NotPetya apart was that, unlike its less successful predecessor (the Petya ransomware), it aimed to destroy rather than extort. The attackers altered the key shown on the ransom notification screen so that it could no longer be used to decrypt anything, which means NotPetya was, in effect, purely destructive malware. The attack acted as a wake-up call for many companies and highlighted that malware does not respect corporate, political or geographic boundaries: your organisation can become collateral damage simply because a business partner is attacked. Some of the biggest losses were suffered by shipping giant Maersk, where 45,000 computers were encrypted, including all but one of its Active Directory Domain Controllers. That one surviving controller was a stroke of luck, because, as one Maersk IT staffer put it: "If we can't recover our domain controllers…we can't recover anything."
Maersk learned that recovering Active Directory is not only critical but uniquely challenging. Organisations must have a dedicated AD recovery plan in place so they can get the business back up and running as quickly and securely as possible. Unlike conventional weapons, cyber weapons can be picked up and repurposed by an adversary, so companies need to prepare for recovery by prioritising, planning and testing at least annually, especially since there is always the possibility that some vulnerabilities cannot be patched.