NotPetya Definition:
NotPetya is a destructive malware strain that first appeared in June 2017. It initially looked like ransomware but was soon shown to be a wiper designed to inflict maximum damage. It spread rapidly through networks using the EternalBlue exploit against SMBv1 together with stolen credentials and legitimate remote-administration tools, encrypting files and the disk's master file table and leaving systems inoperable with no possibility of decryption.
What is NotPetya?
NotPetya exploited the same vulnerability in version 1 of Windows' Server Message Block (SMBv1) protocol, patched as MS17-010, that WannaCry had used a month earlier to propagate across networks. Although it displayed a ransom note demanding the equivalent of US$300 in Bitcoin, the malware's primary purpose was not financial gain: the "installation key" shown to victims was random data unrelated to the encryption key, so the attackers could not have decrypted systems even if paid, and the contact e-mail address in the note was shut down by its provider within hours. The malware was built to permanently disrupt and destroy data on infected systems.
Why is NotPetya important?
NotPetya is widely assessed as a politically motivated attack against Ukraine: the initial infections arrived through Ukrainian business software, and the governments of the United States and the United Kingdom publicly attributed the operation to the Russian military in February 2018. Its effects, however, were felt globally. By masquerading as ransomware, NotPetya misled victims into treating it as a recoverable extortion incident, and it caused widespread disruption to businesses and critical infrastructure, resulting in significant financial and operational losses.
How does NotPetya work?
NotPetya gained its initial foothold through a trojanised update of M.E.Doc, a tax-accounting package widely used in Ukraine. Inside a network it spread in three ways: by exploiting the MS17-010 SMBv1 vulnerability with the EternalBlue and EternalRomance exploits; by harvesting credentials from the memory of the infected machine with a Mimikatz-like tool; and by using those credentials with the legitimate PsExec and WMIC tools to execute itself on other hosts, which meant fully patched machines could still be infected. Once running with administrative privileges, the malware overwrote the master boot record (MBR) with its own bootloader, scheduled a forced reboot, and on restart encrypted the NTFS master file table behind a fake CHKDSK screen; without those privileges it fell back to encrypting individual files. Victims were shown a ransom demand that led to a dead end: the displayed installation key was random and unrelated to the encryption key, so decryption was not feasible even for the attackers.
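The credential-reuse propagation leaves a recognisable trail in process-creation telemetry: NotPetya pushed its DLL to neighbouring hosts with the legitimate WMIC and PsExec tools, ran it through rundll32 by ordinal, and scheduled a forced reboot so the MBR payload would execute. The Python below is an added example for this page, not code from the original page or from any vendor. The event field names (host, cmdline) are an assumption in the style of Sysmon Event ID 1, the sample command lines and credentials are constructed for illustration and modelled on public analyses of the malware, and the rule names and "wormlike" verdict are this example's own.

```python
import re
from collections import defaultdict

# Constructed process-creation events (Sysmon Event ID 1 style; field names are an
# assumption for this example). Command lines are modelled on public reporting of
# NotPetya's lateral movement; the host names, IPs and credentials are invented.
SAMPLE_EVENTS = [
    # WMIC remote process creation with stolen domain credentials, loading the
    # malware DLL on a neighbour by ordinal #1.
    {"host": "WS-014",
     "cmdline": r'wmic.exe /node:"10.0.4.22" /user:"CORP\svc_backup" /password:"Winter2017!" '
                r'process call create "C:\Windows\System32\rundll32.exe \"C:\Windows\perfc.dat\" #1 60"'},
    # PsExec, dropped under a benign-looking name, pushing the same DLL to another host.
    {"host": "WS-014",
     "cmdline": r'C:\Windows\dllhost.dat \\10.0.4.23 -accepteula -s -d '
                r'C:\Windows\System32\rundll32.exe C:\Windows\perfc.dat,#1 60'},
    # Scheduled forced reboot so the overwritten MBR runs.
    {"host": "WS-014",
     "cmdline": r'schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 14:35'},
    # Benign local WMIC query: must not fire.
    {"host": "SRV-DB1", "cmdline": r'wmic.exe os get Caption,Version'},
    # Benign admin use of PsExec with no ordinal-loaded DLL: remote execution only.
    {"host": "ADMIN-01", "cmdline": r'psexec.exe \\SRV-FILE1 -accepteula cmd /c ipconfig /all'},
]

# Each rule is a behaviour, not a file hash, so renamed binaries still match.
RULES = {
    # wmic ... /node:<target> /user:<creds> ... process call create  (credential reuse)
    "remote_exec_wmic_creds": re.compile(r"(?i)\bwmic(?:\.exe)?\b.*/node:.*/user:.*process\s+call\s+create"),
    # <anything> \\<target> ... -accepteula  (PsExec-style remote service execution)
    "remote_exec_psexec": re.compile(r"(?i)\\\\\S+\s.*-accepteula"),
    # rundll32 <dll> #N  or  rundll32 <dll>,#N  (DLL entry point called by ordinal)
    "rundll32_ordinal": re.compile(r"(?i)rundll32(?:\.exe)?\b[^#]*#\d+"),
    # schtasks ... shutdown /r /f  (forced reboot to trigger the boot-time payload)
    "scheduled_forced_reboot": re.compile(r"(?i)schtasks(?:\.exe)?\b.*shutdown(?:\.exe)?\s+/r\s+/f"),
}
REMOTE_EXEC = {"remote_exec_wmic_creds", "remote_exec_psexec"}

NODE_RX = re.compile(r'(?i)/node:"?([^"\s]+)')
UNC_RX = re.compile(r"\\\\([^\s\\]+)")


def classify_event(cmdline):
    """Return the set of rule names that match one command line."""
    return {name for name, rx in RULES.items() if rx.search(cmdline)}


def extract_target(cmdline):
    """Pull the remote host out of a WMIC /node: argument or a \\\\host UNC path."""
    for rx in (NODE_RX, UNC_RX):
        m = rx.search(cmdline)
        if m:
            return m.group(1)
    return None


def hunt(events):
    """Aggregate per source host: rules seen, distinct targets that received an
    ordinal-loaded DLL via remote execution, and a verdict. A host that pushed a
    DLL to at least one neighbour and scheduled a forced reboot is 'wormlike'."""
    hosts = defaultdict(lambda: {"rules": set(), "payload_targets": set()})
    for ev in events:
        hits = classify_event(ev["cmdline"])
        rec = hosts[ev["host"]]
        rec["rules"] |= hits
        if hits & REMOTE_EXEC and "rundll32_ordinal" in hits:
            rec["payload_targets"].add(extract_target(ev["cmdline"]))
    for rec in hosts.values():
        pushes = len(rec["payload_targets"])
        reboot = "scheduled_forced_reboot" in rec["rules"]
        rec["verdict"] = "wormlike" if pushes and reboot else ("suspicious" if pushes else "benign")
    return dict(hosts)


def flagged_hosts(events):
    """Source hosts whose verdict is anything other than benign, sorted."""
    return sorted(h for h, rec in hunt(events).items() if rec["verdict"] != "benign")


if __name__ == "__main__":
    for host, rec in hunt(SAMPLE_EVENTS).items():
        print(host, rec["verdict"], sorted(rec["rules"]), sorted(rec["payload_targets"]))
```

The point of correlating on the source host rather than alerting on each rule is that PsExec and WMIC are everyday administration tools: ADMIN-01 above matches a remote-execution rule and is still reported as benign, while WS-014, which pushed an ordinal-loaded DLL to two neighbours and then scheduled its own forced reboot, is the pattern that matters. In a real deployment the same logic would run over Sysmon or EDR process events rather than the constructed list.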
NotPetya Examples:
NotPetya caused widespread damage to organisations such as the shipping company Maersk, FedEx's TNT Express subsidiary, and Ukrainian government entities, banks and utilities, including the radiation-monitoring systems at Chernobyl. The attack led to billions of dollars in losses from destroyed data, downtime, and the rebuilding of systems from scratch. Unlike typical ransomware, which aims to extort money, NotPetya's focus on destruction made it one of the most costly wiper attacks on record.
NotPetya Issues:
NotPetya highlighted the risks associated with unpatched systems and the need for strong security practices: timely patching and retiring SMBv1, network segmentation, and incident response planning. Because it also spread with stolen credentials, it showed that patching alone is not enough; limiting where administrative credentials are used and can be harvested, and keeping tested offline backups, proved decisive for recovery. The attack also demonstrated the potential impact of nation-state cyber operations on businesses and critical infrastructure worldwide.