NotPetya

Target: Global Shipping & Logistics

Impact: Total Infrastructure Wipe

Operational Briefing

Analyze the most destructive cyberattack in history. A wiper malware that caused over $10 billion in damages.

The Full Story

NotPetya masqueraded as ransomware but was actually a purely destructive cyber-weapon (a wiper). It originated from a compromised update of Medoc, an accounting software used by nearly every company in Ukraine.

    The attack spilled over globally, causing catastrophic damage to companies like Maersk, FedEx, and Merck.

Technical Analysis

Mechanics

Propagation: Used EternalBlue (like WannaCry) and Mimikatz to harvest credentials from memory for lateral movement.
Destruction: It overwrote the Master Boot Record (MBR) and encrypted the file table with no mechanism to decrypt, even if ransom was paid.
Targeting: Primarily aimed at destabilizing Ukraine's infrastructure.

Available Modes

Offensive

Replicate the attack vector

Defensive

Harden systems & patch

Analysis

Forensic investigation

Event Timeline

June 2017

Initial infection via Medoc update.

June 2017

Rapid global spread paralyzes multinationals.

July 2017

Estimated total damages exceed $10 billion.

#Wiper#Supply Chain#EternalBlue