Before we talk about the NotPetya attacks, we should first talk about its previous avatar, Petya. Petya is a family of encrypting ransomware, a piece of criminal code that surfaced in early 2016 and extorted victims into paying for a key to unlock their files.
This ransomware targets Microsoft Windows-based systems, infecting the master boot record to execute a payload that encrypts a hard drive's file system table and prevents Windows from booting. It subsequently demands that the user make a payment in Bitcoin in order to regain access to the system.
NotPetya took its name from its resemblance to the ransomware Petya.
Petya and NotPetya are two kinds of malware that affected thousands of computers worldwide in 2016 and 2017. Both aim to encrypt the hard drive of infected computers, and the two share many features. Although the latter originated from the former, NotPetya has many more tools to help it spread and infect computers. Moreover, while Petya is a standard piece of ransomware that aims to make a few quick Bitcoin from victims, NotPetya is widely viewed as a state-sponsored Russian cyberattack masquerading as ransomware.
Although NotPetya was targeting war-ridden Ukraine, the aftermath was felt by the world. The malware had immense potential to destroy computers, data and wired machines across the world. In the excerpt from Sandworm published by WIRED, the author recounts how the malware affected not just its intended victim, Ukraine, but spread to numerous machines around the world, from hospitals in Pennsylvania to a chocolate factory in Tasmania. It ate into multinational companies including Maersk, pharmaceutical giant Merck, FedEx’s European subsidiary TNT Express, French construction company Saint-Gobain, and FMCG giants Mondelez and Reckitt Benckiser. And, in a turn not even its inventors expected, NotPetya spread back to Russia, striking the state oil company Rosneft.
According to confirmation WIRED received from former Homeland Security adviser Tom Bossert, the attack resulted in more than $10 billion in total damages. During the investigation and study of the malware, Bossert was US President Donald Trump’s most senior cybersecurity-focused official. By comparison, even the infamous WannaCry, which spread in May 2017, a month before NotPetya, is estimated to have cost between $4 billion and $8 billion.
Apart from the US presidential elections that the Russians were prying into, the NotPetya malware spread like wildfire across the world, eating into electronics and computers of every kind, extracting data and demanding exorbitant amounts in Bitcoin for recovery. In his book, Greenberg paints a bleak picture of the havoc the malware caused across countries and the loss that citizens had to bear, both in cash and kind.
The attacks, which started as a catalyst to win the war against Ukraine by precisely targeting electronics and computers in hotels, hospitals, government offices and the like in the country, ultimately ended up causing vast devastation across the world. From the losses at the shipping terminal in Elizabeth, New Jersey to Manhattan’s skyscrapers, and from offices in the UK to Ghana, the worm slid through government data everywhere, wiping away important historical documents, sabotaging records and creating panic around the world.
However, even after more than a year, the damage done by the NotPetya malware has not been wiped out completely. According to WIRED, several experts argue that the malware could resurface in bouts in different parts of the world, or even recur in a larger form.
Therefore, to protect your data from a cyber breach, the advice more or less remains the same. Don’t click on unknown attachments, always use strong and unique passwords, something like a phrase or an idiom, and keep an up-to-date backup, because even if it is not visible right away, it looks like ransomware is here to stay.