What is NotPetya?
NotPetya: Understanding the Worst Cybersecurity Attack and Its Global Impact on Multinational Corporations
NotPetya is a type of ransomware that shook the world of cybersecurity in June 2017. Named after Petya, a similar ransomware that was released a year earlier, NotPetya is a type of malicious software (malware) that encrypts the data on victims' computers, effectively locking them out of their own files, and demands a ransom in Bitcoin for the data to be unlocked.
NotPetya took things a step further than the average ransomware: security experts soon found that its goal was not to extort money from its victims, but to disrupt, damage and generally aggravate. Although it was shockingly sophisticated and appeared to function predominantly as an aggressive and effective ransomware campaign, it was eventually deemed to be more akin to a cyber weapon released with the aim of causing disruption and destruction.
The origin of NotPetya was traced back to a legitimate Ukrainian tax software company, M.E.Doc, which researchers believe was unknowingly distributing the malware to its clients through its software updates. This was achieved by first sabotaging the company's server updates with a corrupted version that contained the NotPetya malware. Once inside a corporate network, the malware used a variety of wrangled-together methods gleaned from multiple antivirus and malware protection layers to spread rapidly.
NotPetya adopted advanced propagation techniques to move itself unaided across networks, infecting more devices. A key factor in NotPetya's ability to propagate across infected networks was its use of the EternalBlue exploit. This vulnerability, originally discovered by the US National Security Agency (NSA) and leaked by a hacking group known as the Shadow Brokers, allowed NotPetya to spread quickly within networks from one machine to another.
Also, the malware carried out what's called a 'credential dumping' attack, exploiting vulnerabilities in Windows operating systems. This enabled it to steal login details and continue spreading, even on systems that had been patched against EternalBlue.
Unlike previous kinds of ransomware, NotPetya didn't simply encrypt files on the affected systems; it infected and overwrote the Master Boot Record (MBR), a critical part of a computer's hard drive that's necessary for it to boot up. When the computer was restarted, a ransom note would be displayed demanding payment. But unlike other ransomware, which releases the encryption keys once the ransom is paid, NotPetya provided no mechanism to do that: this wasn't about making money.
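An added example (not part of the original article): a defender-side integrity check that parses a 512-byte MBR sector and compares its boot code with a SHA-256 hash recorded while the machine was known to be clean. The function names and the two sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_END = 440        # bytes 0..439 hold the bootstrap code
PART_TABLE_OFFSET = 446    # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"
ENTRY_FMT = "<B3xB3xII"    # status, CHS (skipped), type, CHS (skipped), LBA start, sector count


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR sector into boot-code hash, used partition entries and signature flag."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR sector is exactly 512 bytes")
    partitions = []
    for i in range(4):
        start = PART_TABLE_OFFSET + 16 * i
        status, ptype, lba, count = struct.unpack(ENTRY_FMT, sector[start:start + 16])
        if ptype != 0:  # type 0x00 marks an unused slot
            partitions.append({"index": i, "status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from baseline")
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if not info["partitions"]:
        findings.append("partition table is empty")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):  # only inactive or active are valid
            findings.append(f"partition {p['index']}: invalid status byte {p['status']:#04x}")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: filler boot code, one active partition, boot signature."""
    entry = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 204800)
    return boot_code.ljust(PART_TABLE_OFFSET, b"\x00") + entry + b"\x00" * 48 + BOOT_SIGNATURE


GOOD = build_sample_mbr(b"\x90" * 64)       # constructed "known clean" sector (filler bytes)
BASELINE = parse_mbr(GOOD)["boot_code_sha256"]
TAMPERED = build_sample_mbr(b"\x41" * 64)   # same layout, boot code replaced
```

On a real system the sector would come from a disk image or a raw read of the first sector taken with administrative rights, and the baseline hash would be stored off the machine.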
From a cybersecurity perspective, NotPetya represented a shift from financial cybercrime to pure cyber destruction. Its impact was global, hitting numerous organisations around the world across various sectors, including the Danish shipping firm Maersk, British advertiser WPP, and Russian oil company Rosneft.
Where antivirus and cybersecurity strategies are concerned, the NotPetya attack highlighted the importance of keeping software up to date, and of having robust and comprehensive data backups in place. One can patch the vulnerabilities that NotPetya exploited, but more critical is a change of mindset at a strategic level. Organisations need to assume a solid cybersecurity posture that not only handles incidents when they occur but also prevents, detects, and responds to these threats in a proactive way.
NotPetya serves as a stark reminder of the finesse, ambiguity, and progressive nature of the contemporary cyber threat landscape. Its legacy persists as a poignant example of the escalating cyber warfare tensions on a global scale, emphasising the demand for enhanced cybersecurity measures, collaborative efforts and international regulation to tackle the threats that the digital world continues to face.
What is NotPetya?
NotPetya is a type of ransomware that was first identified in June 2017. It spreads through networks, encrypting files on infected computers and demanding a ransom payment in Bitcoin for their release.
How does NotPetya infect computers?
NotPetya infects computers through a vulnerability in Microsoft Windows called EternalBlue. This vulnerability was initially discovered by the NSA and was later leaked by hackers. NotPetya takes advantage of this vulnerability to spread through networks, allowing it to quickly infect multiple devices.
Can antivirus software protect against NotPetya?
Yes, antivirus software can provide protection against NotPetya. However, it is important to ensure that your antivirus software is up-to-date and that you regularly scan your computer for viruses. It is also recommended to apply security patches and updates as soon as they become available to reduce the risk of infection.
What can I do if my computer is infected with NotPetya?
If your computer is infected with NotPetya, it is recommended that you do not pay the ransom. Instead, you should disconnect your computer from the network and seek the assistance of a cybersecurity professional. They may be able to recover your files or provide advice on how to restore your computer to its previous state. It is also important to report the incident to the appropriate authorities.