{"id":80189,"date":"2018-02-21T09:00:18","date_gmt":"2018-02-21T17:00:18","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=80189"},"modified":"2023-08-03T15:00:54","modified_gmt":"2023-08-03T22:00:54","slug":"how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/","title":{"rendered":"How to mitigate rapid cyberattacks such as Petya and WannaCrypt"},"content":{"rendered":"<p>In the <a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/01\/23\/overview-of-rapid-cyberattacks\/\">first blog post<\/a> of this 3-part series, we introduced what rapid cyberattacks are and illustrated how rapid cyberattacks are different in terms of execution and outcome. In the <a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2018\/02\/05\/overview-of-petya-a-rapid-cyberattack\/\">second blog post<\/a>, we provided some details on Petya and how it worked. In this final blog post, we will share:<\/p>\n<ul>\n<li>Microsoft\u2019s roadmap of recommendations to mitigate rapid cyberattacks.<\/li>\n<li>Outside-in perspectives on rapid cyberattacks and mitigation methods based on a survey of global organizations.<\/li>\n<\/ul>\n<p>Because of how critical security hygiene issues have become and how challenging it is for organizations to follow the guidance and the multiple recommended practices, Microsoft is taking a fresh approach to solving them. Microsoft is working actively with NIST, the Center for Internet Security (CIS), DHS NCCIC (formerly US-CERT), industry partners, and the cybersecurity community to jointly develop and publish practical guides on critical hygiene and to implement reference solutions starting with these recommendations on rapid cyberattacks as related to patch management.<\/p>\n<h2>Roadmap of prescriptive recommendations for mitigating rapid cyberattacks<\/h2>\n<p>We group our mitigation recommendations into four categories based on the effect they have on mitigating risk:<\/p>\n<p><strong>EXPLOIT MITIGATION<\/strong><br \/>\nMitigate software vulnerabilities that allow worms and attackers to enter and\/or traverse an environment<\/p>\n<p><strong>BUSINESS CONTINUITY \/ DISASTER RECOVERY (BC\/DR)<\/strong><br \/>\nRapidly resume business operations after a destructive attack<\/p>\n<p><strong>LATERAL TRAVERSAL \/ SECURING PRIVILEGED ACCESS<\/strong><br \/>\nMitigate ability to traverse (spread) using impersonation and credential theft attacks<\/p>\n<p><strong>ATTACK SURFACE REDUCTION<\/strong><br \/>\nReduce critical risk factors across all attack stages (prepare, enter, traverse, execute)<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-80192\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks-1024x458.png\" alt=\"Key components of mitigation strategy for rapid cyberattacks.\" width=\"650\" height=\"291\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks-1024x458.png 1024w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks-300x134.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks-768x343.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks.png 2028w\" sizes=\"(max-width: 650px) 100vw, 650px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 1: Key components of mitigation strategy for rapid cyberattacks<\/em><\/p>\n<p>We recognize every organization has unique challenges and investments in cybersecurity (people and technology) and cannot possibly make every single recommendation a top nor immediate priority. Accordingly, we have broken down the primary (default) recommendations for mitigating rapid cyberattacks into three buckets:<\/p>\n<ol>\n<li><strong>Quick wins:<\/strong> what we recommend organizations accomplish in the first 30 days<\/li>\n<li><strong>Less than 90 days:<\/strong> what we recommend organizations accomplish in the medium term<\/li>\n<li><strong>Next quarter and beyond<\/strong>: what we recommend organizations accomplish in the longer term<\/li>\n<\/ol>\n<p>The following list is our primary recommendations on how to mitigate these attacks.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-80201 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2018\/02\/Picture2162018.png\" alt=\"Microsoft\u2019s primary recommendations for mitigating rapid cyberattacks.\" width=\"618\" height=\"294\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Picture2162018.png 618w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Picture2162018-300x143.png 300w\" sizes=\"(max-width: 618px) 100vw, 618px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 2: Microsoft\u2019s primary recommendations for mitigating rapid cyberattacks<\/em><\/p>\n<p>This list has been carefully prioritized based on Microsoft\u2019s direct experience investigating (and helping organizations recover from) these attacks as well as collaboration with numerous industry experts. This is a default set of recommendations and should be tailored to each enterprise based on defenses already in place. You can read more about the details of each recommendation in the slide text and notes of the <a href=\"https:\/\/aka.ms\/rapidattack-slides\">published slide deck.<\/a><\/p>\n<p>In prioritizing the quick wins for the first 30 days, the primary considerations we used are:<\/p>\n<ol>\n<li>Whether the measure directly mitigates a key attack component.<\/li>\n<li>Whether most enterprises could rapidly implement the mitigation (configure, enable, deploy) without significant impact on existing user experiences and business processes.<\/li>\n<\/ol>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-80204 size-full\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/wp-content\/uploads\/2018\/02\/Figure-3-Mapping-each-recommendation-into-the-mitigation-strategy-components.png\" alt=\"Mapping each recommendation into the mitigation strategy components.\" width=\"618\" height=\"274\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-3-Mapping-each-recommendation-into-the-mitigation-strategy-components.png 618w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-3-Mapping-each-recommendation-into-the-mitigation-strategy-components-300x133.png 300w\" sizes=\"(max-width: 618px) 100vw, 618px\" \/><\/p>\n<p style=\"text-align: center;\"><em>Figure 3: Mapping each recommendation into the mitigation strategy components<\/em><\/p>\n<p>In addition to the primary recommendations, Microsoft has an additional set of recommendations that could provide significant benefits depending on circumstances of the organization:<\/p>\n<ol>\n<li><strong>Ensure outsourcing contracts and SLAs<\/strong> are compatible with rapid security response<\/li>\n<li><strong>Move critical workloads to SaaS and PaaS<\/strong> as you are able<\/li>\n<li><strong>Validate existing network controls<\/strong> (internet ingress, internal Lab\/ICS\/SCADA isolation)<\/li>\n<li><strong>Enable UEFI Secure Boot<\/strong><\/li>\n<li><strong>Complete <a href=\"http:\/\/aka.ms\/sparoadmap\">SPA roadmap Phase 2<\/a><\/strong><\/li>\n<li><strong>Protect backup and deployment systems<\/strong> from rapid destruction<\/li>\n<li><strong>Restrict inbound peer traffic<\/strong> on all workstations<\/li>\n<li><strong>Use application control<\/strong><\/li>\n<li><strong>Remove local administrator privileges<\/strong> from end-users<\/li>\n<li><strong>Implement modern threat detection and automated response solutions<\/strong><\/li>\n<li><strong>Disable unneeded protocols<\/strong><\/li>\n<li><strong>Replace insecure protocols with secure equivalents<\/strong> (Telnet\u2192SSH, HTTP\u2192 HTTPS, etc.)<\/li>\n<\/ol>\n<p>There are specific reasons why these 12 recommendations, although helpful for certain organizations\/circumstances, were excluded from the list of primary recommendations. You can read about those reasons in the slide notes of the <a href=\"https:\/\/aka.ms\/rapidattack-slides\">published slide deck<\/a>\u00a0if interested.<\/p>\n<h2>Outside-in perspectives on rapid cyberattacks and mitigation methods<\/h2>\n<p>In late November 2017 Microsoft hosted a webinar on this topic and solicited feedback from the attendees which comprised of 845 IT professionals from small organizations to large global enterprises. Here are a few interesting insights from the poll questions.<\/p>\n<p><strong>Rapid cyberattack experience<\/strong><\/p>\n<p>When asked if they had experienced a rapid cyberattack (e.g. WannaCrypt, Petya or other), ~38% stated they did.<\/p>\n<p><strong>Awareness of SPA roadmap<\/strong><\/p>\n<p>When asked if they\u2019re aware of Microsoft\u2019s <a href=\"http:\/\/aka.ms\/sparoadmap\">Securing Privileged Access (SPA) roadmap<\/a>, most, 66%, stated that they were not.<\/p>\n<p><strong>Patching systems<\/strong><\/p>\n<p>When we asked within how many days (&lt;7 or 30 or 90) they can patch various systems, it seems most respondents believed their team is good at patching quickly:<\/p>\n<ul>\n<li>83% can patch workstations within 30 days; 44% within 7 days<\/li>\n<li>81% can patch servers within 30 days; 51% within 7 days<\/li>\n<li>54% can patch Linux\/Other devices within 30 days; 25% within 7 days<\/li>\n<\/ul>\n<p><strong>Removal of SMBv1<\/strong><\/p>\n<p>When asked where they are on the path towards removing SMBv1, 26% said they have completed removing it, another 21% said they are in progress or in the process of doing so, and ~18% more are planning to do so.<\/p>\n<p><strong>Adopting roadmap recommendations<\/strong><\/p>\n<p>When asked what is blocking them from adopting Microsoft\u2019s roadmap recommendations for securing against rapid cyberattacks, the top three reasons respondents shared are:<\/p>\n<ol>\n<li>Lack of time<\/li>\n<li>Lack of resources<\/li>\n<li>Lack of support from upper management\/executive buy-in<\/li>\n<\/ol>\n<p>To help organizations overcome these challenges, Microsoft can be engaged to:<\/p>\n<ul>\n<li>Assist with implementing the mitigations described in <a href=\"http:\/\/aka.ms\/sparoadmap\">SPA Roadmap<\/a> and <a href=\"https:\/\/aka.ms\/rapidattack-slides\">Rapid Cyberattack Guidance<\/a>.<\/li>\n<li>Investigate an active incident with enterprise-wide malware hunting, analysis, and reverse engineering techniques. This includes providing tailored cyberthreat intelligence and strategic guidance to harden the environment against advanced and persistent attacks. Microsoft can provide onsite teams and remote support to help you investigate suspicious events, detect malicious attacks, and respond to security breaches.<\/li>\n<li>Proactively hunt for persistent adversaries in your environment using similar methods as an active incident response (above).<br \/>\nContact your Microsoft Technical Account Manager (TAM) or Account Executive to learn more about how to engage Microsoft for incident response.<\/li>\n<\/ul>\n<p>Contact your Microsoft Technical Account Manager (TAM) or Account Executive to learn more about how to engage Microsoft for incident response.<\/p>\n<h2>More information<\/h2>\n<p>We hope you found the 3-part blog series on the topic of rapid cyberattacks and some recommendations on how to mitigate them useful.<\/p>\n<p>For more information and resources on rapid cyber attacks, please visit the additional links here:<\/p>\n<p><strong>On-demand webinar<\/strong> <a href=\"https:\/\/aka.ms\/rapidattack-webinar\"><em>Protect Against Rapid Cyberattacks (Petya, WannaCrypt, and similar)<\/em><\/a>.<\/p>\n<h3><strong>Additional resources<\/strong><\/h3>\n<p><strong>Tips to mitigate known rapid cyberattacks with Windows 10<\/strong> (and Windows Defender Advanced Threat Protection):<\/p>\n<ul>\n<li><a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2017\/06\/27\/new-ransomware-old-techniques-Petya-adds-worm-capabilities\/?source=mmpc\">New ransomware, old techniques: Petya adds worm capabilities<\/a><\/li>\n<li><a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2017\/06\/29\/windows-10-platform-resilience-against-the-Petya-ransomware-attack\/?source=mmpc\">Windows 10 platform resilience against the Petya ransomware attack\u00a0<\/a><\/li>\n<li><a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2017\/06\/08\/windows-10-creators-update-hardens-security-with-next-gen-defense\/?source=mmpc\">Windows 10 Creators Update provides next-gen ransomware protection<\/a><\/li>\n<li><a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2017\/05\/04\/windows-defender-atp-thwarts-operation-wilysupply-software-supply-chain-cyberattack\/?source=mmpc\">Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack<\/a><\/li>\n<\/ul>\n<p><a href=\"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/2017\/01\/05\/azure-backup-protects-against-ransomware\/\">Mitigate backup destruction by ransomware with Azure Backup security features<\/a><\/p>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/active-directory-reporting-risk-events\">Detect leaked credentials in Azure Active Directory<\/a><\/p>\n<p><a href=\"https:\/\/blogs.technet.microsoft.com\/mmpc\/2015\/01\/14\/maps-in-the-cloud-how-can-it-help-your-enterprise\/\">Rapidly detect polymorphic and emerging threats and enable advanced protection with Windows Defender Antivirus cloud protection service (formerly Microsoft Active Protection Service (MAPS))<\/a><\/p>\n<p><a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/threat-protection\/windows-defender-exploit-guard\/network-protection-exploit-guard\">Apply network protection with Windows Defender Exploit Guard<\/a><\/p>\n<p><a href=\"http:\/\/aka.ms\/SPAroadmap\">Safeguard integrity of privileged accounts that administer and manage IT systems by considering Securing Privileged Access (SPA) roadmap<\/a><\/p>\n<p><a href=\"http:\/\/aka.ms\/laps\">Mitigate risk of lateral escalation and Pass-the-Hash (PtH) credential replay attack with Local Admin Password Solution (LAPS)<\/a><\/p>\n<p><a href=\"http:\/\/aka.ms\/disablesmb1\">Mitigate exploitation of SMBv1 vulnerability via Petya or other rapid cyberattack by following guidance on disabling SMBv1<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Because of how critical security hygiene issues have become and how challenging it is for organizations to follow the guidance and the multiple recommended practices, Microsoft is taking a fresh approach to solving them.<\/p>\n","protected":false},"author":61,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3662],"topic":[3674,3684,3688],"products":[],"threat-intelligence":[],"tags":[3896,3753,3822],"coauthors":[1906],"class_list":["post-80189","post","type-post","status-publish","format-standard","hentry","content-type-news","topic-incident-response","topic-security-operations","topic-threat-trends","tag-credential-theft","tag-cybersecurity-policy","tag-microsoft-security-insights"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to mitigate rapid cyberattacks such as Petya and WannaCrypt | Microsoft Security Blog<\/title>\n<meta name=\"description\" content=\"Because of how critical security hygiene issues have become and how challenging it is for organizations to follow the guidance and the multiple recommended practices, Microsoft is taking a fresh approach to solving them.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to mitigate rapid cyberattacks such as Petya and WannaCrypt | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Because of how critical security hygiene issues have become and how challenging it is for organizations to follow the guidance and the multiple recommended practices, Microsoft is taking a fresh approach to solving them.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-02-21T17:00:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-03T22:00:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks-1024x458.png\" \/>\n<meta name=\"author\" content=\"Mark Simos\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mark Simos\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mark-simos\/\",\"@type\":\"Person\",\"@name\":\"Mark Simos\"}],\"headline\":\"How to mitigate rapid cyberattacks such as Petya and WannaCrypt\",\"datePublished\":\"2018-02-21T17:00:18+00:00\",\"dateModified\":\"2023-08-03T22:00:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/\"},\"wordCount\":1196,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks-1024x458.png\",\"keywords\":[\"Credential theft\",\"Cybersecurity policy\",\"Microsoft Security Insights\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/\",\"name\":\"How to mitigate rapid cyberattacks such as Petya and WannaCrypt | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks-1024x458.png\",\"datePublished\":\"2018-02-21T17:00:18+00:00\",\"dateModified\":\"2023-08-03T22:00:54+00:00\",\"description\":\"Because of how critical security hygiene issues have become and how challenging it is for organizations to follow the guidance and the multiple recommended practices, Microsoft is taking a fresh approach to solving them.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks.png\",\"width\":2028,\"height\":907},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to mitigate rapid cyberattacks such as Petya and WannaCrypt\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to mitigate rapid cyberattacks such as Petya and WannaCrypt | Microsoft Security Blog","description":"Because of how critical security hygiene issues have become and how challenging it is for organizations to follow the guidance and the multiple recommended practices, Microsoft is taking a fresh approach to solving them.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/","og_locale":"en_US","og_type":"article","og_title":"How to mitigate rapid cyberattacks such as Petya and WannaCrypt | Microsoft Security Blog","og_description":"Because of how critical security hygiene issues have become and how challenging it is for organizations to follow the guidance and the multiple recommended practices, Microsoft is taking a fresh approach to solving them.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/","og_site_name":"Microsoft Security Blog","article_published_time":"2018-02-21T17:00:18+00:00","article_modified_time":"2023-08-03T22:00:54+00:00","og_image":[{"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks-1024x458.png"}],"author":"Mark Simos","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Mark Simos","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/mark-simos\/","@type":"Person","@name":"Mark Simos"}],"headline":"How to mitigate rapid cyberattacks such as Petya and WannaCrypt","datePublished":"2018-02-21T17:00:18+00:00","dateModified":"2023-08-03T22:00:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/"},"wordCount":1196,"commentCount":0,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks-1024x458.png","keywords":["Credential theft","Cybersecurity policy","Microsoft Security Insights"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/","name":"How to mitigate rapid cyberattacks such as Petya and WannaCrypt | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks-1024x458.png","datePublished":"2018-02-21T17:00:18+00:00","dateModified":"2023-08-03T22:00:54+00:00","description":"Because of how critical security hygiene issues have become and how challenging it is for organizations to follow the guidance and the multiple recommended practices, Microsoft is taking a fresh approach to solving them.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/02\/Figure-1-Key-components-of-mitigation-strategy-for-rapid-cyberattacks.png","width":2028,"height":907},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2018\/02\/21\/how-to-mitigate-rapid-cyberattacks-such-as-petya-and-wannacrypt\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"How to mitigate rapid cyberattacks such as Petya and WannaCrypt"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/80189"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=80189"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/80189\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=80189"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=80189"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=80189"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=80189"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=80189"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=80189"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=80189"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}