EU operational cooperation under test for the second time

Back to News

CSIRTs Network and ENISA come together to respond to new ransomware outbreak on voluntary basis.

For the second time in less than 2 months the EU CSIRTs Network has responded to the recent global outbreak of ‘NotPetya’ campaign that has also affected Europe.

Since Tuesday, 27th June 2017, a malware outbreak has been infecting IT systems mostly in Europe. News agencies across the globe compared this attack with the recent WannaCry ransomware outburst which shocked the world in May 2017. However there were differences like the attack's initial vector. In the case of WannaCry it was plain exploitation of SMB vulnerabilities while now Microsoft has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc tax accounting updater process.

By utilising effective channels of communications, EU MS CSIRTs have managed to exchange information in a secure and prompt manner. This has resulted in a synchronised cross-border information flow, fast incident response on national level, and better recognition and understanding of the threat and mitigation measures. ENISA has once again actively supported MS CSIRTs on this mission.

The successful cooperation among MS CSIRTs has been driven by the current Estonian Presidency of the Council of the EU in a close cooperation with ENISA and other volunteering MS CSIRTs. This adhoc collaboration effort showed good progress in building trust and operational cooperation among EU MS CSIRTs.

Current Chair of the CSIRTs network, CERT-EE, presents today the operational update and situation overview of the 'NotPetya' campaign on behalf of the CSIRTs network at the Horizontal Working Party on Cyber Security Issues meeting in Brussels.

Udo Helmbrecht, Executive Director of ENISA, said: “For the second time within two months, the world is faced with a major global cyber-attack.  ENISA is once again closely monitoring the situation and working together with the Member States CSIRTs to respond to the cyber attack thereby helping to manage the cybersecurity of European citizens and businesses.”