Wiper
NotPetya
First seen: 2017-06 • Status: inactive
Currently Inactive
NotPetya looked like ransomware but was really a weapon designed to destroy data. It caused $10 billion in damages and was created by Russia.
Overview
NotPetya was a destructive wiper disguised as ransomware. It caused $10+ billion in damages worldwide. Attributed to Russian military intelligence.
Also Known As
Petya, ExPetr, Nyetya
How It Spreads
- • Supply chain (M.E.Doc)
- • EternalBlue
- • Mimikatz
What It Does
- • Wipes master boot record
- • Destroys data permanently
- • Masquerades as ransomware
Is your business exposed?
Target Platforms
Windows
Detection Tips
- • Monitor supply chain software
- • Watch for MBR modification
MITRE ATT&CK Techniques
T1561, T1210, T1195
If You're Infected
- 1.
Data cannot be recovered - NotPetya is destructive
- 2.
Restore from offline backups
Related Malware
Is your business exposed?
Check if your company data is circulating on the dark web
Free scan • No credit card required