NotPetya
Advanced
2017

Target: Global Shipping & Logistics
Impact: Total Infrastructure Wipe

Operational Briefing

Analyze the most destructive cyberattack in history. A wiper malware that caused over $10 billion in damages.

The Full Story

NotPetya masqueraded as ransomware but was in fact a purely destructive cyber-weapon (a wiper). It originated from a compromised update of M.E.Doc, an accounting software package used by nearly every company in Ukraine.

The attack spilled over globally, causing catastrophic damage to companies such as Maersk, FedEx, and Merck.

Technical Analysis

Mechanics

  • Propagation: Used the EternalBlue exploit (as WannaCry had) and a Mimikatz-style tool to harvest credentials from memory for lateral movement.
  • Destruction: Overwrote the Master Boot Record (MBR) and encrypted the file table (the NTFS Master File Table) with no mechanism to decrypt, even if the ransom was paid.
  • Targeting: Primarily aimed at destabilizing Ukraine's infrastructure.

Event Timeline

  • June 2017: Initial infection via M.E.Doc update.
  • June 2017: Rapid global spread paralyzes multinationals.
  • July 2017: Estimated total damages exceed $10 billion.

Tags: Wiper, Supply Chain, EternalBlue