ABSTRACT

Chief Information Security Officers can and should leverage their expertise and professional networks to support the selection process, and subsequently work with the selected partners to validate the effectiveness of the incident response program and subsequent forensic activities. NotPetya leveraged a backdoor in an accounting software package used by many companies in Ukraine to spread the malware. To spread to other computers, NotPetya enhanced the capabilities of Petya using EternalBlue and EternalRomance, as well as a tool that located network administration credentials in the memory of infected machines; it then used the remote access tools built into Windows to access other computers and infect them. Ransomware was not new, as CryptoLocker had been in the wild since 2013; however, this was the first case where ransomware became widespread, as prior ransomware leveraged direct mail campaigns using phishing emails to entice a user to download malware.