Case Study

Would you believe that multi-billion-dollar, worldwide companies have security issues? No one is completely immune to security issues, but it is surprising when one sees an entire worldwide company brought to its knees. Our CEO witnessed this first-hand in July of 2017, when he was called to be part of a multi-vendor team helping a company try to recover from the NotPetya worm.

What happened

Servers in five worldwide data centers (two in the U.S., two in Europe, one in Asia) were infected with NotPetya. NotPetya is a worm that was initially thought to be encrypting malware and was classified as "ransomware" because it displayed a ransom note and asked for payment to decrypt the data. Within about 48 hours, security researchers established that (1) the data could not be decrypted, because the "installation key" shown to victims was randomly generated and had no relation to the key used for encryption, and (2) the authors had no working way to receive payments and send a decryption key to those who paid, because the single contact e-mail address in the note had been shut down by its provider. NotPetya was therefore reclassified from ransomware to a "wiper": its purpose was to spread and leave the system drive without any usable data.

Most modern companies with data centers around the world set up site-to-site networks so that one data center can communicate seamlessly with another in the same company. That was the downfall here. NotPetya moves laterally over SMB, exploiting unpatched hosts with the EternalBlue and EternalRomance exploits and, against patched hosts, using credentials harvested from memory together with PsExec and WMIC, so every host it can reach on those ports is a candidate victim. Once a single server in Datacenter A was infected, the worm spread to other servers within the same datacenter, and within minutes to servers in Datacenter B, Datacenter C, Datacenter D, and Datacenter E. The network configuration that had been added for "ease of use" allowed the worm to spread without restriction from one datacenter to the next within the same company. The company lost all of its resources within minutes.
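The lesson of the paragraph above is blast radius: whatever the worm can reach on its lateral-movement ports from the first infected host, it will infect. The script below is an added example (not code from the original page or from the company involved) that models that reachability as a breadth-first search over a constructed inventory of five datacenters and three candidate inter-site policies. It assumes TCP 445 (SMB, the port NotPetya's exploits and PsExec path both rely on) as the worm's lateral-movement port, treats traffic inside a datacenter as unrestricted, and ignores credentials; hostnames, ports and the allow-list entries are hypothetical.

```python
"""Blast-radius model for a worm that moves laterally over SMB.

Added example with a constructed inventory; it is not a real network.
Three inter-site policies are compared: a flat site-to-site mesh, a
segmented one that only allows named application flows, and a segmented
one with a single cross-site SMB exception.
"""
from collections import deque

# Constructed inventory: five datacenters, three servers each.
DATACENTERS = {
    "A": ["a-web1", "a-db1", "a-dc1"],
    "B": ["b-web1", "b-db1", "b-dc1"],
    "C": ["c-web1", "c-db1", "c-dc1"],
    "D": ["d-web1", "d-db1", "d-dc1"],
    "E": ["e-web1", "e-db1", "e-dc1"],
}
SITE_OF = {host: dc for dc, hosts in DATACENTERS.items() for host in hosts}

# Port the worm uses to move laterally. NotPetya's SMB exploits and its
# PsExec path both need TCP 445 reachable on the target.
WORM_PORTS = {445}

# Hypothetical application flows a segmented design would still permit
# between sites: (source host, destination host, destination port).
ALLOWED_CROSS_SITE = {
    ("a-db1", "b-db1", 5432),   # database replication (hypothetical)
    ("b-db1", "a-db1", 5432),
    ("a-dc1", "b-dc1", 389),    # directory replication (hypothetical)
    ("b-dc1", "a-dc1", 389),
}

# One "convenience" exception: a file share replicated over SMB
# between two sites. This is the kind of rule that bridges datacenters.
SMB_EXCEPTION = {("a-db1", "b-db1", 445), ("b-db1", "a-db1", 445)}


def flat_policy(src, dst, port):
    """Site-to-site mesh with any-any rules: everything reaches everything."""
    return True


def segmented_policy(src, dst, port):
    """Lateral traffic inside a datacenter stays open (assumed baseline);
    between datacenters only explicitly allowed flows pass."""
    if SITE_OF[src] == SITE_OF[dst]:
        return True
    return (src, dst, port) in ALLOWED_CROSS_SITE


def segmented_with_smb_exception(src, dst, port):
    """Same as segmented_policy plus the single cross-site SMB rule."""
    if SITE_OF[src] == SITE_OF[dst]:
        return True
    return (src, dst, port) in ALLOWED_CROSS_SITE | SMB_EXCEPTION


def blast_radius(start, policy, ports=WORM_PORTS):
    """Return every host the worm can reach from `start`, given a
    policy(src, dst, port) -> bool that says whether a flow is permitted.
    Breadth-first search: each newly infected host becomes a new source."""
    infected = {start}
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for dst in SITE_OF:
            if dst in infected:
                continue
            if any(policy(src, dst, port) for port in ports):
                infected.add(dst)
                queue.append(dst)
    return infected


def compromised_sites(start, policy):
    """Datacenters that end up with at least one infected host."""
    return sorted({SITE_OF[h] for h in blast_radius(start, policy)})


if __name__ == "__main__":
    for name, policy in [("flat", flat_policy),
                         ("segmented", segmented_policy),
                         ("segmented + SMB exception", segmented_with_smb_exception)]:
        hosts = blast_radius("a-web1", policy)
        print(f"{name:28s} hosts={len(hosts):2d} sites={compromised_sites('a-web1', policy)}")
```

Under the flat policy a single infected web server takes all fifteen hosts in all five sites; under the segmented policy the damage stays inside Datacenter A; and a single cross-site SMB rule is enough to hand the worm a second datacenter, because once `b-db1` is infected it becomes a source for everything reachable inside B. An allowed port is necessary but not sufficient for the real worm (its PsExec and WMIC path also needs working credentials), so this model gives an upper bound that is still the right number to design against.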