**NotPetya** was one of the most destructive cyberattacks in history. It hit in **June 2017**, masquerading as ransomware but behaving more like a cyberweapon. Here's a rundown of what happened, what it did, and why it was such a big deal:

---

### 🚨 What was NotPetya?

NotPetya was a **malware attack** that initially looked like ransomware (a virus that encrypts your files and demands payment to unlock them), but it turned out to be a **wiper**—its real goal wasn’t to make money but to **destroy data and cause chaos**.

---

### 🔬 Technical Overview

- **Origin:** It was a variant of the older **Petya ransomware**, but heavily modified—hence the name "NotPetya."
- **Infection vector:** It spread via a **compromised update mechanism** in a widely used Ukrainian accounting software called **M.E.Doc**.
- **Spread:** Once inside a network, it used two key techniques to spread:
  - **EternalBlue exploit**, the same exploit used by WannaCry, originally developed by the NSA and leaked by the Shadow Brokers.
  - **Mimikatz**, a tool to harvest credentials from memory and use them to spread laterally.

So yeah, it was nasty and fast. Think digital wildfire.

---

### 🎯 Who was targeted?

The initial blast radius was Ukraine—government, banks, energy companies, airports. But it didn’t stay there. It **spilled over globally**, hitting:

- **Maersk** (shipping giant, lost access to 49,000 laptops and had to reinstall 4,000 servers),
- **Merck** (pharma company),
- **FedEx/TNT Express**,
- **Rosneft** (Russian oil company),

and many others.

---

### 💰 Damages

- Estimates suggest **$10 billion+** in total damages.
- Maersk alone estimated losses over **$300 million**.
- This wasn’t a little nuisance; it knocked multinational companies off their feet.

---

### 🕵️‍♂️ Attribution

- The attack was traced back to **Russia**, specifically linked to the **GRU**, Russia’s military intelligence agency.
- The U.S., U.K., and several allies formally blamed **Russia** for the attack, calling it an act of cyberwarfare.
- It was seen as part of ongoing cyber hostilities tied to the conflict in Ukraine.

---

### 😬 Why It Was a Big Deal

- It blurred the line between **cybercrime and cyberwarfare**.
- It showed how quickly malware can spread across borders and hit unintended targets.
- It was a wake-up call about **supply chain attacks** (infecting software updates to get into trusted networks).

---

### TL;DR:

**NotPetya** looked like ransomware, but was actually a **state-sponsored wiper** designed to disrupt Ukrainian infrastructure. It backfired spectacularly, crippling companies worldwide and proving that digital attacks can cause **real-world, billion-dollar chaos**.

[[What is Cyberwarfare]]