Microsoft cut off entirety of Ukraine from its network during NotPetya attacks

CISO Bret Arsenault says it was one of the worst episodes during his 10-year tenure

Microsoft was forced to disconnect the entirety of Ukraine from its network in order to mitigate the effects of the 2017 NotPetya ransomware attack, it has emerged.

Microsoft CISO Bret Arsenault revealed on Monday that the company "had seconds to make the decision" after being alerted that one of its vendor's devices had been infected by the ransomware back in June 2017.

NotPetya, a self-propagating strain of ransomware that masqueraded as the Petya virus, spread across major European businesses, encrypting data and destroying boot records to render systems unusable. This particularly vicious strain used the EternalBlue exploit leaked from the NSA, which was also responsible for the WannaCry attack just months prior.

Speaking at Microsoft Ignite in Orlando, Arsenault said the episode remains one of the worst during his 10-year tenure.

"June 27th 2017 at 4:13am," he said. "My phone went off, and I got a notice that one of our vendor's devices in Ukraine had been infected. This was right after WannaCry and what was known as Petya. We recognised right away that this was a problem, and we were worried about the infection spreading - this is what became known as NotPetya, which was vicious ransomware.

"We had seconds to make the decision, and so we cut off all of Ukraine from our network to limit any kind of impact that might happen. As you can imagine, June 27th is fiscal close, so anytime you mess with the network infrastructure... you put that at risk."

"That's the day that I learned the job is about choices," he added. "It's a difference between bad choices and worse choices - and I think I likely just made a bad choice."

Arsenault also recalled a similar split-second decision prompted by Hurricane Maria, the deadly Category 5 hurricane that devastated many parts of Dominica, the US Virgin Islands, and, most applicable to Microsoft, Puerto Rico, which serves as a major processing hub for the company.

"Many people don't know that we have about 365 people there (Puerto Rico)... which is our first priority, but also run 13 critical business processes there. So we did a tabletop exercise - I don't know how many people know how to fly 8,000 gallons of fuel into three feet of water, but it's a pretty fun exercise to go through."

Responding to a question on how he stays positive, the CISO of one of the most targeted companies in the world admitted that it has become harder over the years.

"I try to smile. I've been doing this job for ten years, and I think when I took it over I started sleeping like a baby... I (now) wake up at two in the morning crying every night," he joked.

"But I am positive, I think some of the tools we saw (at Ignite) are amazing... they've reduced my time to resolve by up to 50% with no increase in headcount, and most importantly, the signal you have and the telemetry, combined with the artificial intelligence and machine learning that you use, is really what differentiates your ability relative to the bad guys.

"For the first time that I can remember in the 20 years I've been in this space and the ten years in this job, I believe that the defenders and the good guys actually have the advantage."

Featured Resources

Next-generation time series: Forecasting for the real world, not the ideal world

Solve time series problems with AI

Free download

The future of productivity

Driving your business forward with Microsoft Office 365

Free download

How to plan for endpoint security against ever-evolving cyber threats

Safeguard your devices, data, and reputation

Free download

A quantitative comparison of UPS monitoring and servicing approaches across edge environments

Effective UPS fleet management

Free download

Recommended

Almost 70% of CISOs expect a ransomware attack
ransomware

Almost 70% of CISOs expect a ransomware attack

19 Oct 2021
Organizations warned of ransomware risk from smaller operators
ransomware

Organizations warned of ransomware risk from smaller operators

19 Oct 2021
Best ransomware removal tools
ransomware

Best ransomware removal tools

14 Oct 2021
Senator to introduce new bill to force ransomware payment disclosures
ransomware

Senator to introduce new bill to force ransomware payment disclosures

6 Oct 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans
Laptops

Apple MacBook Pro 15in vs Dell XPS 15: Clash of the titans

11 Oct 2021
Royal Mint to recover gold from smartphones and laptops in world first
Technology

Royal Mint to recover gold from smartphones and laptops in world first

21 Oct 2021