What is NotPetya?
Last time I talked about the backstory of NotPetya, a string of malicious code born from an NSA catalog of software exploits. In this post, I will begin to go into detail about the NotPetya attack, the consequences, and mistakes made by the companies that were hit.
At first glance, NotPetya looked like typical ransomware, which hides data behind walls of encryption that can only be accessed after payment is made. It even had a wallet that victims could send bitcoins to as payment, but this was all a ruse. NotPetya was not ransomware at all, and it was technically incapable of reversing its own encryption. NotPetya was actually a disk wiper, destroying data and rendering any computer that came in contact with it inoperable. NotPetya was so lethal that any computer infected would need to be tossed out, its hardware too far gone to be used anymore. Because of its virulent nature, NotPetya, combined with other exploits, could take down networks with thousands of computers if even one of those systems was missing the patch for the EternalBlue exploit.
The Effects of the Attack
Maersk, an international shipping company based in Copenhagen, was one of the companies affected by NotPetya. An employee at the Odessa office had M.E.Doc installed on their computer and let the virus into Maersk’s system, and this same computer was, in fact, patient zero for NotPetya. The effects of the NotPetya attack on Maersk’s systems were severe enough that operations were slowed for days and even weeks, and Maersk was rendered unable to accept new shipments or track existing shipments. Some containers were lost for up to four months, and their gate of operations in Port Elizabeth, New Jersey, was suspended for several days. Maersk reverted to pen and paper to continue their business for the two weeks they were offline. The only reason they were able to get back on their feet so quickly was a computer in Ghana that was offline during the attack, which was then brought to a team in London to restore their system.
In the end, 4,000 servers and 45,000 personal computers had to be replaced. The damages were estimated to be around $300 million, but I have every reason to believe that it is a very low-balled figure. For the next post in this series about NotPetya, I’ll list some other victims as well as who we think was behind the attacks.