The Wall Street Journal | GPE – December 20, 2017:
Don Jaycox, DLA Piper’s chief information officer for the Americas, sat down with Wall Street Journal reporter Kate Fazzini to explain how the firm responded to the attack, which also affected multinational companies such as A.P. Moller-Maersk, Reckitt Benckiser Group and Merck & Co.
MS. FAZZINI: Can you set the scene on June 27? How did the attack unfold?
MR. JAYCOX: The attack actually started at 6 a.m. Eastern time, 11 a.m. GMT, and 3 a.m. Pacific, where I was located. My team was first notified with a call from our security operations center vendor, who was monitoring the network and saw unusual activity. They got our chief information security officer out of bed, who immediately got our network team out of bed. We realized pretty early on that we were under attack in some form. We didn’t know from what. I got a call around 3:20 a.m., and I think I was dressed and out the door in less than 10 minutes, heading to our West Coast data center.
In a situation like this, you can know you’re under attack but not know what the threat is or what they are going after, etc. At that stage, we thought we were having a relatively straightforward ransomware attack, which we had seen before on individual machines. But as time went on, it became apparent that this was much more than a routine ransomware attack.
Our first instinct—because we had planned it out—was to shut everything down once we realized the attack had a fairly broad reach. The second thing was to notify leadership, and then start our preplanned response plan.
MS. FAZZINI: How fast did this spread across the globe?
MR. JAYCOX: Astonishingly fast. We have just under 100 global offices, and they hit us in our Ukraine office first. It was a malware agent known as NotPetya, which was downloaded on a finance server in Ukraine…
To read full article – please click here.
