STEALTHbits Technologies executives believe that attacks such as Petya will continue to use Mimikatz to move laterally within organizations, and offer the following quote to on protecting the enterprise. Jeff Warren, Senior Vice President, Technical Product Management, STEALTHbits Technologies commented below.
Jeff Warren, Senior Vice President, Technical Product Management at STEALTHbits Technologies:
“Petya, like other modern ransomware attacks, leverages a Mimikatz variant to spread through organizations after the initial compromise. This can be expected to continue for future attacks, as Mimikatz is a very effective and easily packaged method for extracting Active Directory credentials and performing lateral movements. Every security professional should be familiar with Mimikatz and how to protect against these attacks. Implementing basic protections against credential theft and lateral movement can be the difference between a phishing attack like Petya compromising a single machine or an entire domain.”