
NotPetya ransomware attack cost us $300m – shipping giant Maersk

Silver badge

"He says he learned that there was nothing that could have been done to stop the attack"

Because a thing seems difficult for you, do not think it impossible for anyone to accomplish.

Marcus Aurelius

36
0
Bronze badge

Perhaps what they actually said was "there was nothing that could be done to stop an attack by a determined and skillful cracker targeting only our systems".

Which was not what happened, eh. Even then, I'd doubt it.

5
0
LDS
Silver badge

Stopping an attack once it has begun, and is spreading very quickly, may not be that easy, especially when some upper managers don't like some systems being brought down to protect them, and they handle and monitor a lot of activities worldwide, and IT doesn't have a clear understanding of what's happening and fears disruptions. Maersk is not Facebook - if the latter halts nothing really happens, but when one of the biggest goods movers is unable to move them, ships can't load or unload, cargo can't be sorted, it is a far different issue.

Probably in their situation they really didn't have the right policies to assess the situation, stop it quickly enough and activate a contingency plan. Hope they learnt.

And hope it taught many other companies, that even if IT is not their core business, it's at the core of their business anyway.

3
0
Anonymous Coward

Easy to mitigate

-Patch your o/s monthly

-Regularly patch your apps that open files (Word/PDF etc)

-Don't run an o/s or app that is no longer in patching support

- Don't let Apps connect to the internet to pull down their own updates in an Enterprise environment - test updates in a sandbox first then use your software deployment tools to push out tested updates

-Run anti-virus & update hourly and AV scan on demand all files

-Scan incoming email using AV and block .exe attachments

-Scan and block sites when web browsing using a web proxy and AV scanner

-Set web browsers to block adverts and flash

-Use a local hosts file to sinkhole malware and advert sites to 127.0.0.1

8
3
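The hosts-file sinkhole in the list above is only useful if the file actually says what you think it says, so here is an added example (mine, not the commenter's) that parses a hosts file, reports whether a given name is sinkholed to loopback/0.0.0.0, and flags entries that point anywhere else, since a hosts entry can redirect traffic as easily as it can block it. The sample hosts content is constructed for the example; the `.invalid` names are placeholders, not real sites.

```python
"""Parse a hosts file and audit its sinkhole entries (defender's sanity check)."""
from ipaddress import ip_address

# Constructed sample hosts file content; the .invalid names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample, not a real blocklist
127.0.0.1    localhost
::1          localhost
0.0.0.0      ads.example.invalid
127.0.0.1    malware.example.invalid   tracker.example.invalid
10.0.0.5     intranet.example.invalid  # internal service, not a sinkhole
198.51.100.7 updates.example.invalid
"""

# Addresses that count as "sinkholed": the request never leaves the machine.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1", "::"}


def parse_hosts(text):
    """Return {hostname: address} from hosts-file text.

    Comments (from '#' to end of line) and blank lines are ignored, names are
    lower-cased, and when a name appears more than once the last entry wins,
    which mirrors how most resolvers read the file.
    """
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = str(ip_address(parts[0]))  # normalises and rejects junk
        except ValueError:
            continue  # malformed address field: skip the line
        for name in parts[1:]:
            mapping[name.lower()] = addr
    return mapping


def is_sinkholed(mapping, hostname):
    """True if the hosts file pins hostname to a loopback/null address."""
    return mapping.get(hostname.lower()) in SINKHOLE_ADDRESSES


def suspicious_entries(mapping):
    """Entries that point to a routable address: review these, because a
    tampered hosts file is a classic way to redirect updates or logins."""
    return {n: a for n, a in mapping.items() if a not in SINKHOLE_ADDRESSES}


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example.invalid", "intranet.example.invalid"):
        print(f"{name}: sinkholed={is_sinkholed(hosts, name)}")
    print("non-sinkhole entries:", suspicious_entries(hosts))
```

Point it at `/etc/hosts` or `%SystemRoot%\System32\drivers\etc\hosts` instead of the sample to audit a real machine. The caveat the later comment about proxies makes still applies: a hosts file is per-machine, is trivially edited by anyone with admin rights, and does nothing for clients that use an external resolver or connect by IP, so it complements a filtering proxy rather than replacing it.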
Silver badge
Trollface

Re: Easy to mitigate

Did you forget: -Get rid of Windows?

22
12
o p

Re: Easy to mitigate

NotPetya used admin logins. Not vulnerabilities.

It was installed by sysadmins. It did not use internet access.

None of your procedures would help. Not a bit.

9
1
Mushroom

Re: Easy to mitigate

"Did you forget: -Get rid of Windows?"

Did you forget - they need to be able to do work from these computers... ;)

18
10
Anonymous Coward

Re: Easy to mitigate

One thing I can guarantee - if you think stopping all malware is "Easy to mitigate" then you either don't have much experience in a large company or you have your head buried in the sand. People who do things right definitely do not find it easy and will have a dedicated Security team or at least a dedicated security officer who have a full time job just managing the security of the enterprise.

If it was easy then they would be out of a job.

Anyone who has to do the security bit on the side to their main sysadmin job or IT manager job will probably tell you that they fully understand the issue and it is a constant battleground and a lot of it involves crossing their fingers, or they are clueless.

Much of it is the same for disaster recovery or general business continuity: not easy at all, even if on paper you can convince yourself it is easy. Anything other than an SME or smaller will probably be hoping nothing major happens rather than being truly convinced that they can cope with any eventuality.

If I was to employ someone in IT security I would be looking for someone who says "it is difficult but I can ensure that xyz issues are covered and this is my strategy for emerging threats .. etc" rather than someone who says "it's easy, I can ensure you never have an issue" because I would know they don't have a clue.

10
1
Bronze badge

Re: Easy to mitigate

None of this would have helped,

what they should have done is use a decent piece of accounting software not the swiss cheese Ukrainian one they did.

1
2
LDS
Silver badge

"not the swiss cheese Ukrainian one they did"

Probably their Ukrainian subsidiaries and other connected businesses didn't have much choice. Some accounting and tax reports are often very country-specific - because of the usual, complex local regulations.

3
0
Anonymous Coward

Use a local hosts file to sinkhole

What's the web proxy for? You can route all web traffic through the proxy anyway, even for those users who try to bypass it (although in my experience often those are the sysadmins themselves). In some environments, the proxy shouldn't blacklist, it should whitelist and block everything else.

0
0
Silver badge

Re: Easy to mitigate

"Did you forget - they need to be able to do work from these computers... ;)"

Did you forget? They weren't able to.

1
1
Bronze badge

Re: Easy to mitigate

It's like China ..

You MUST USE the local government supplied software; don't use it, you are out of business.

The fact that it is supplied from fixed IP addresses over HTTP connections & auto installs & updates has nothing to do with it.

Boy..... is a reckoning coming to China, once the malware writers start doing research into local government offices and their pisspoor requirements of "nepotism software" they force on local businesses.

0
0
Silver badge

He says he learned was told by the people who had f-cked up that there was nothing that could have been done to stop the attack...

FTFY

36
0
Silver badge
Happy

He says he learned was told by the people who had f-cked up that there was nothing that could have been done to stop the attack with the kind of funding the IT dept. had. The three IT guys were very vocal about it!

Fixed!

28
0
Silver badge
Facepalm

Medoc: PCI DSS Level 1 Compliant

Medoc: 'PCI DSS Level 1 Compliant, the highest level of data and payment protection'

'NotPetya initially attacks via a phishing email'

7
1
Silver badge

Re: Medoc: PCI DSS Level 1 Compliant

Must be a really good phish...

2
0
Silver badge

Re: Medoc: PCI DSS Level 1 Compliant

I think that's the wrong company - if you look at their main page you'll see this disclaimer at the top:

Please note that Medoc Computers Ltd has no connection with the Ukrainian company 'MEDoc'.

10
0
Silver badge
Meh

Funny that as we're still getting huge delays from Maersk containers in August

And they were trying to profit from the malware outbreak in July by charging extra for a "guaranteed" delivery slot, which they still failed to deliver on.

Bunch of bastards

12
0
Silver badge

"In the last week of the quarter we were hit by a cyber-attack" spoken by a businessman. Like it wouldn't have been so bad mid-quarter?

1
3

Well, the statement's part of an earnings report for the quarter, so it's logical to be phrased that way.

7
0
Silver badge

He says he learned that there was nothing that could have been done to stop the attack

Who the hell is he listening to in his IT department?

9
0
Megaphone

Re: He says he learned that there was nothing that could have been done to stop the attack

The cleaner?

5
0
Silver badge

Re: He says he learned that there was nothing that could have been done to stop the attack

The cleaner?

I'm surprised more places don't combine janitorial and IT. Same level of respect, same pay and almost the same work.

2
0
EJ

Re: He says he learned that there was nothing that could have been done to stop the attack

Listening to the folks who should have tightened up the company's defenses, but didn't, so instead of copping to their failures decided to frame it as impossible to defend against.

Time to pony up for an independent vulnerability assessment and get the real story, Maersk.

2
0
Silver badge
Joke

Maersk hit by NotPetya

They have a unique ability to rid the world of the scum that created/distributed this malware.

Once you find those bastards, lock them into a shipping container, and have an 'at sea' accident.

"Oops, that loose container fell from the ship!!"

"No big deal, it is only cargo!"

4
0
Silver badge

Re: Maersk hit by NotPetya

"Once you find those bastards, lock them into a shipping container, and have an 'at sea' accident."

They don't even need an accident. Just park it in some odd corner of a large depot and quietly delete the container's records from the system.

2
0
Anonymous Coward

Re: Maersk hit by NotPetya

NotPetya did that already.

0
0
Silver badge

"But with this and my skills, I had no intuitive idea on how to move forward."

So, having no intuitive (?or any other) idea of what to do he took charge.

0
0
