
With damages estimated at $10 billion worldwide, the NotPetya malware attack of late June 2017 was a nightmare scenario by any standard. But several aspects of the malware — the work of Russian military intelligence officers — were particularly fiendish:
- NotPetya acted like ransomware, but it wasn't. When employees at Danish shipping giant Maersk began experiencing the malware attack on June 27, 2017, their computer screens displayed red and black text reading either "repairing file system on C:" or "oops, your important files are encrypted." Screens showing the second message also demanded $300 in bitcoin for decryption. That was a ruse: NotPetya was a wiper dressed up as ransomware, and paying could not bring the files back.
- The initial vector was a poisoned software update. To seed the malware, the Russian intelligence team had compromised the update servers of M.E.Doc, accounting and bookkeeping software used by a large share of businesses in Ukraine, so that a routine update delivered NotPetya to every machine that installed it.
- Even patched machines were at risk. NotPetya spread inside networks in two ways: with EternalBlue, an SMBv1 exploit leaked from the U.S. National Security Agency, and with a credential-stealing routine derived from Mimikatz, Benjamin Delpy's 2011 proof-of-concept tool that showed how plaintext passwords and hashes could be lifted from a Windows machine's memory. Microsoft had patched the SMBv1 flaw (MS17-010) in March 2017, months before the attack, but the Mimikatz-style component harvested credentials from each infected host and reused them, via built-in Windows remote-execution tools such as PsExec and WMIC, to log in to neighbouring machines. A fully patched computer was therefore only as safe as the credentials of whoever had logged in to an infected one.
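The practical lesson of that third point is that patching the SMB hole alone was not enough. As an added example (not from the article or from Maersk), the PowerShell audit below checks a Windows host for the four controls that would have blunted NotPetya's two propagation paths: SMBv1 disabled, WDigest plaintext-credential caching off, LSA Protection on, and remote use of local administrator tokens filtered. It assumes Windows 8.1 / Server 2012 R2 or later and an elevated session; the function names and the "Pass" / "Detail" output fields are my own.

```powershell
# Added example, not the article's or Maersk's code. Assumes Windows 8.1 / Server 2012 R2
# or later and an elevated PowerShell session. Function and field names are hypothetical.

function Get-RegistryValueOrDefault {
    param([string]$Path, [string]$Name, $Default)
    # An absent value means the OS default applies; the caller passes that documented default.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $Default }
    return $item.$Name
}

function Test-NotPetyaHardening {
    $results = @()

    # Path 1: EternalBlue (SMBv1, MS17-010). Installing the patch closes the hole; disabling
    # SMBv1 removes the attack surface and does not depend on knowing which KB superseded which.
    $smb1 = (Get-SmbServerConfiguration).EnableSMB1Protocol
    $results += [pscustomobject]@{
        Control = 'SMBv1 server disabled'
        Pass    = (-not $smb1)
        Detail  = "EnableSMB1Protocol=$smb1"
    }

    # Path 2: Mimikatz-style credential theft from LSASS memory.
    # WDigest UseLogonCredential=1 keeps plaintext passwords in LSASS; 0 (default since 8.1) does not.
    $wdigest = Get-RegistryValueOrDefault -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest' -Name 'UseLogonCredential' -Default 0
    $results += [pscustomobject]@{
        Control = 'WDigest plaintext caching off'
        Pass    = ($wdigest -eq 0)
        Detail  = "UseLogonCredential=$wdigest"
    }

    # LSA Protection (RunAsPPL = 1, or 2 on newer builds without the UEFI lock) stops unsigned
    # code from opening LSASS for memory reads, which is how Mimikatz-style tools dump credentials.
    $ppl = Get-RegistryValueOrDefault -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name 'RunAsPPL' -Default 0
    $results += [pscustomobject]@{
        Control = 'LSA Protection (RunAsPPL)'
        Pass    = ($ppl -ge 1)
        Detail  = "RunAsPPL=$ppl"
    }

    # Lateral movement with stolen local-admin credentials over admin shares (PsExec/WMIC).
    # LocalAccountTokenFilterPolicy=1 hands local accounts a full admin token over the network;
    # the default (absent or 0) filters it, so a reused local admin password is far less useful.
    $tokenFilter = Get-RegistryValueOrDefault -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name 'LocalAccountTokenFilterPolicy' -Default 0
    $results += [pscustomobject]@{
        Control = 'Remote local-admin token filtering'
        Pass    = ($tokenFilter -eq 0)
        Detail  = "LocalAccountTokenFilterPolicy=$tokenFilter"
    }

    return $results
}

Test-NotPetyaHardening | Format-Table -AutoSize
```

A host that fails the first check is exposed to the exploit path; one that passes it but fails any of the other three is exactly the "patched but still at risk" case the article describes, because stolen credentials and legitimate remote-execution tools need no vulnerability at all.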
A malware attack unlike any other
“The Untold Story of NotPetya, the Most Devastating Cyberattack in History” is a Wired excerpt from journalist Andy Greenberg’s 2018 book Sandworm. It’s regarded as a definitive account of the catastrophic risks of cyberwarfare. The story highlights just how disruptive and far-reaching NotPetya truly was.
Lessons that still shape cybersecurity today
In this excerpt, readers learn that Maersk was able to rebuild its Active Directory only because a single domain controller in its Ghana office had been offline during a power outage when the attack hit, and so was never infected. Its bandwidth was too poor to transfer the data, so the surviving disk had to be carried by plane to the recovery team before the other domain controllers could be rebuilt from it.
NotPetya also reshaped the cyber insurance industry: some carriers denied claims from affected companies by classifying the attack as an act of war excluded from coverage, and the resulting disputes still influence how cyber risk is evaluated and covered today.
This post originally appeared on Smarter MSP.

