The Ransomware that wasn’t

Waheed Iqbal, Digital Realm
Published Aug 30, 2018 (3 min read)
How NotPetya sparked the largest cybersecurity crisis in history. — photo via pixabay

How destructive code disguised as ransomware paralyzed corporations and agencies around the globe.

NotPetya, a piece of malware that first spread from Ukraine, infected major corporations and agencies around the globe. It completely paralyzed Ukrainian networks, affecting several government offices, banks, power grids, international airports and the radiation monitoring system at Chernobyl.

List of companies affected by NotPetya

Metro retail affected by NotPetya in Ukraine — media via Mikhail Golub Tweet

How NotPetya wasn’t ransomware

“It’s like WannaCry all over again. Nothing is stopping Petya now.” ~Mikko Hypponen

Petya, first detected in 2016, was ransomware, and so was the infamous WannaCry malware (May 2017) that demanded bitcoin as ransom.

When NotPetya hit in June 2017, it initially looked like Petya striking again, but at a scale no one had ever seen before.

Security analysts considered it yet another ransomware family demanding huge amounts of bitcoin. But further analysis revealed that this new malware was, in fact, only disguised as ransomware.

What did NotPetya do?

It targeted Windows-based systems and completely encrypted their data, only this time the encryption was irreversible.

Unlike its predecessors, NotPetya completely destroyed data on its target systems: it irreversibly encrypted critical data belonging to several companies and government agencies.

Screenshot of original Petya payload splash screen — image via wikipedia

And the scale of this infection was truly unprecedented. It completely paralyzed the operations of the giant shipping company Maersk, with damages exceeding several hundred million dollars.

According to White House estimates, the NotPetya infection caused a total of $10 billion worth of damages.

According to Merck, the US pharmaceutical company, the infection forced a temporary shutdown of its manufacturing process, resulting in $870 million worth of losses.

Moreover, TNT Express lost $400 million, Reckitt Benckiser lost $129 million, and Mondelēz International lost $188 million.

Although the exact amount of financial damage in the wake of the NotPetya infection is unknown, the scale and nature of the infection clearly suggest that it is the most destructive computer malware in history.

How did NotPetya spread?

A Ukrainian accounting software package known as M.E.Doc was used as ground zero for the massive malware attack.

Ukraine has been under constant attack from Russian hackers since the start of the Russian-Ukrainian conflict, five years before the time of this writing.

M.E.Doc update servers — image via BleepingComputer

According to cybersecurity analysts, hackers used M.E.Doc’s update servers to install backdoors in thousands of PCs around the world.

With backdoors already installed in early 2017, the hackers released their actual payload in June of that year, resulting in massive malware infections.

Disguised as ransomware, NotPetya was actually a computer worm/trojan horse that quickly spread via the internet and internal networks to infect thousands of PCs around the globe.

Badly managed Windows servers running outdated operating systems were the primary target of NotPetya.
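The infection chain above starts with a trusted update channel being turned against its own users: the M.E.Doc update servers delivered the backdoor, and clients installed whatever those servers handed out. The defender's control for that failure mode is to pin the vendor's signing key on the client and refuse any package whose signature does not verify, so that a compromised update server alone cannot push installable code. The following Go program is an added example, not code from the original article or from M.E.Doc; the package bytes, the key pair and the three cases (genuine, tampered, re-signed by an attacker's own key) are all constructed for illustration, and the Ed25519 signature scheme is an assumption standing in for whatever a real vendor would use.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrBadSignature is returned when a package does not verify under the pinned key.
var ErrBadSignature = errors.New("update rejected: signature does not verify under the pinned vendor key")

// VerifyUpdate is the client-side check: the downloaded package is accepted only if
// sig is a valid Ed25519 signature, under the pinned vendorKey, over the package's
// SHA-256 digest. A package altered in transit or on a compromised update server
// fails here, as does a signature produced with any other key.
func VerifyUpdate(vendorKey ed25519.PublicKey, pkg, sig []byte) error {
	if len(vendorKey) != ed25519.PublicKeySize {
		return errors.New("pinned vendor key has the wrong length")
	}
	digest := sha256.Sum256(pkg)
	if !ed25519.Verify(vendorKey, digest[:], sig) {
		return ErrBadSignature
	}
	return nil
}

// SignUpdate is the vendor-side step. It is assumed to run on an offline release
// host whose private key is never present on the public-facing update servers.
func SignUpdate(priv ed25519.PrivateKey, pkg []byte) []byte {
	digest := sha256.Sum256(pkg)
	return ed25519.Sign(priv, digest[:])
}

// Scenario records whether VerifyUpdate accepted each of the three constructed cases.
type Scenario struct {
	GenuineAccepted  bool // vendor-signed, untouched package
	TamperedAccepted bool // vendor signature kept, package body altered afterwards
	ForgedAccepted   bool // altered package re-signed with an attacker-controlled key
}

// RunScenarios generates a fresh vendor key pair, builds a constructed sample
// package, and pushes the three cases through the client-side check.
func RunScenarios() (Scenario, error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Scenario{}, err
	}
	// Constructed sample payload; a real package would be the update archive itself.
	genuine := []byte("update-package: constructed sample bytes")
	sig := SignUpdate(vendorPriv, genuine)

	// Case 2: the package body is swapped on the update server, but the attacker
	// cannot re-sign it because the vendor's private key is not there.
	tampered := bytes.Replace(genuine, []byte("sample"), []byte("altered"), 1)

	// Case 3: the attacker signs the altered package with a key of their own.
	_, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Scenario{}, err
	}
	forgedSig := SignUpdate(attackerPriv, tampered)

	return Scenario{
		GenuineAccepted:  VerifyUpdate(vendorPub, genuine, sig) == nil,
		TamperedAccepted: VerifyUpdate(vendorPub, tampered, sig) == nil,
		ForgedAccepted:   VerifyUpdate(vendorPub, tampered, forgedSig) == nil,
	}, nil
}

func main() {
	s, err := RunScenarios()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("genuine accepted: %v\ntampered accepted: %v\nforged accepted: %v\n",
		s.GenuineAccepted, s.TamperedAccepted, s.ForgedAccepted)
}
```

Only the first case is accepted; the other two fail with ErrBadSignature. The design point is where the trust lives: the client trusts a pinned public key, not the server it downloads from, so taking over the update servers is no longer enough to ship a backdoor. That holds only if the private key really is kept off those servers and the client has no unsigned fallback path, which is why the signing step is modelled as a separate, offline host.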

The name NotPetya was coined once analysts realized that the malware was not the original ‘Petya’.

About the author: Waheed Iqbal (Digital Realm) is a digital marketing and growth hacking professional who knows about SEO, SEM, email and content strategy, and likes to write about digital, blockchain and cyber-security.