
NotPetya

NotPetya (also known as Petya.A and ExPetr) is a 2017 cyberattack that appeared as ransomware but was designed primarily to destroy data. It infected systems via a compromised software update for the Ukrainian accounting program M.E.Doc, then spread laterally using tools and exploits such as the EternalBlue and EternalRomance SMB exploits, stolen credentials, and PsExec.
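Two of the lateral-movement methods named above, PsExec-style remote service installation and reuse of one set of stolen credentials across many hosts, leave traces in ordinary Windows event logs. The following detector is an added example written for this page, not code from the article or from any incident report: it scans a handful of constructed event records (System event ID 7045 "service installed" and Security event ID 4624 network logons, both real event IDs; PSEXESVC is the default service name Sysinternals PsExec installs) and flags a PsExec service install and an account that fans out to several hosts within a short window. The host names, account names, timestamps and thresholds are all constructed for illustration.

```python
"""Added example (not part of the original page): flag two lateral-movement
patterns the article names, PsExec-style service installation and credential
reuse across many hosts, in a small set of constructed Windows event records."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, host, event_id, fields).
# 7045 = a service was installed (System log); 4624 = successful logon
# (Security log), where LogonType 3 is a network logon such as SMB/PsExec.
SAMPLE_EVENTS = [
    ("2017-06-27T10:00:01", "FS01", 7045,
     {"ServiceName": "PSEXESVC", "ImagePath": "%SystemRoot%\\PSEXESVC.exe"}),
    ("2017-06-27T10:00:05", "FS01", 4624,
     {"TargetUserName": "svc_backup", "LogonType": "3", "IpAddress": "10.0.0.15"}),
    ("2017-06-27T10:00:09", "WS22", 4624,
     {"TargetUserName": "svc_backup", "LogonType": "3", "IpAddress": "10.0.0.15"}),
    ("2017-06-27T10:00:12", "WS23", 4624,
     {"TargetUserName": "svc_backup", "LogonType": "3", "IpAddress": "10.0.0.15"}),
    ("2017-06-27T10:00:14", "WS24", 4624,
     {"TargetUserName": "svc_backup", "LogonType": "3", "IpAddress": "10.0.0.15"}),
    ("2017-06-27T10:30:00", "WS05", 4624,
     {"TargetUserName": "alice", "LogonType": "3", "IpAddress": "10.0.0.7"}),
    ("2017-06-27T10:31:00", "WS05", 7045,
     {"ServiceName": "Spooler", "ImagePath": "C:\\Windows\\System32\\spoolsv.exe"}),
]

# Default service name installed by Sysinternals PsExec. Renamed copies may use
# another name, so treat this as a starting point, not a complete list.
PSEXEC_SERVICE_NAMES = {"PSEXESVC"}


def detect_psexec_services(events):
    """Return (host, service_name) for every 7045 event whose service name
    matches a known PsExec service name."""
    hits = []
    for _ts, host, eid, fields in events:
        if eid == 7045 and fields.get("ServiceName", "").upper() in PSEXEC_SERVICE_NAMES:
            hits.append((host, fields["ServiceName"]))
    return hits


def detect_credential_fanout(events, min_hosts=3, window=timedelta(minutes=5)):
    """Return {account: sorted hosts} for accounts whose network logons reach
    at least `min_hosts` distinct hosts inside `window`. One account sweeping
    many machines within minutes is the credential-reuse pattern the article
    describes; the threshold values here are constructed, not tuned."""
    logons = defaultdict(list)
    for ts, host, eid, fields in events:
        if eid == 4624 and fields.get("LogonType") == "3":
            logons[fields["TargetUserName"]].append((datetime.fromisoformat(ts), host))
    flagged = {}
    for user, entries in logons.items():
        entries.sort()
        for i, (t0, _host) in enumerate(entries):
            hosts = {h for t, h in entries[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                flagged[user] = sorted(hosts)
                break
    return flagged


if __name__ == "__main__":
    print("PsExec service installs:", detect_psexec_services(SAMPLE_EVENTS))
    print("Credential fan-out:", detect_credential_fanout(SAMPLE_EVENTS))
```

Both rules are deliberately simple so that they can be lifted into a SIEM query: the first keys on a single field of one event ID, the second is a sliding-window count of distinct destination hosts per account. In a real environment the 7045 rule needs the image path as well as the service name, and the fan-out threshold should be set from a baseline of normal service-account behaviour.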

Payload and effect: The malware encrypted files and attempted to overwrite the master file table, rendering systems unrecoverable even without paying ransom. The code included a ransom note demanding Bitcoin payments, but decryption was not possible; paying did not restore access.

Impact: While targeted initially at Ukrainian entities, the attack quickly spilled over to multinational organizations worldwide, disrupting operations in industries including logistics, pharmaceuticals, and food. NotPetya impacted companies such as Maersk, Merck, Mondelez, and TNT Express, causing hundreds of millions of dollars in losses and widespread operational disruption.

Attribution and significance: Investigations attributed the operation to the Sandworm Team, linked to Russia's GRU, marking it as a state-sponsored cyber operation. NotPetya demonstrated the risk of supply-chain compromise and the potential for a single update to trigger global damage. It also highlighted the importance of patch management, network segmentation, robust backups, and incident response planning. NotPetya is regarded as distinct from legitimate ransomware campaigns because its primary goal was destruction, not monetization.