NotPetya

Malware updated 22 days ago (2024-11-29T13:43:48.379Z)
Download STIX
Preview STIX
NotPetya is a destructive malware that posed as ransomware, causing significant global damage in 2017. Despite its appearance as ransomware, NotPetya was not designed to extort money but rather to destroy data and disrupt operations, particularly targeting Ukraine's infrastructure. NotPetya was attributed to the Russian hacking group APT28, also known as Sandworm, which has been involved in numerous high-profile cyber offensives, including the 2016 US election interference and the Olympic Destroyer effort. The total damages caused by NotPetya are estimated to be around $10 billion worldwide. The impact of NotPetya was felt across various sectors, with many companies suffering significant losses. For example, pharmaceutical company Merck resolved a dispute with insurers regarding a $1.4 billion claim arising from the NotPetya incident. Another notable case was the shipping company Maersk, whose leadership helped navigate the company through the crisis. Furthermore, the NotPetya attack led to a lawsuit revolving around Mondelez’s claim to Zurich to cover losses, potentially reshaping the cyber insurance market. The NotPetya attack highlighted the importance of supply-chain security, which has become a major concern following several malicious events such as WannaCry, SolarWinds compromise, and NotPetya itself. These incidents have increased interest in having more control over technology supply chains globally. The potential spread of a similar event like NotPetya has been predicted using epidemiological models, revealing striking similarities between malware and disease dissemination.
Description last updated: 2024-11-25T13:43:45.657Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Sandworm is a possible alias for NotPetya. Sandworm, a threat actor linked to Russia, has been identified as the primary cyber attack unit supporting Russian military activities in Ukraine. This group is notorious for its sophisticated and disruptive cyber attacks, including the compromise of 11 Ukrainian telecommunications providers which c
4
Bad Rabbit is a possible alias for NotPetya. Bad Rabbit is a notorious malware that emerged in October 2017, primarily targeting corporate networks. It operates as ransomware, encrypting the victim's files and disk while offering a means of decryption for a ransom. The malicious software uses fake Adobe Flash installer advertisements to lure v
2
Telebots is a possible alias for NotPetya. TeleBots, a notorious threat actor group also known as Sandworm, BlackEnergy, Iron Viking, Voodoo Bear, and Seashell Blizzard, has been identified as operating under the control of Unit 74455 of the Russian GRU's Main Center for Special Technologies (GTsST). Active since 2000, the group is recognize
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
Wiper
Ukraine
Merck
Insurance
Vulnerability
Russia
Exploit
Ukrainian
Backdoor
Russia’s
Eset
russian
Encryption
Ransom
Payload
Worm
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The WannaCry Malware is associated with NotPetya. WannaCry is a notorious malware that gained global attention in 2017 when it was responsible for the biggest ransomware attack to date. The malware, designed to exploit and damage computer systems, infects systems through suspicious downloads, emails, or websites. Once inside a system, WannaCry can Unspecified
8
The Industroyer Malware is associated with NotPetya. Industroyer, also known as CrashOverride, is a potent malware specifically designed to target Industrial Control Systems (ICS) used in electrical substations. It first gained notoriety for its role in the 2016 cyberattack on Ukraine's power grid, which resulted in a six-hour blackout in Kyiv. The mais related to
4
The BlackEnergy Malware is associated with NotPetya. BlackEnergy is a potent malware toolkit that has been utilized by criminal and Advanced Persistent Threat (APT) actors since 2007. Its destructive capabilities were notably demonstrated in Ukraine where it was used for cyber-espionage, compromising industrial control systems, and launching attacks ais related to
4
The Olympic Destroyer Malware is associated with NotPetya. Olympic Destroyer is a notorious malware that was deployed by Sandworm, a cyber-espionage group, during the 2018 Pyeongchang Winter Olympics. The malware caused significant disruption to the event's IT infrastructure, including broadcasting, ticketing, various Olympics websites, and Wi-Fi at the hosUnspecified
2
The WhisperGate Malware is associated with NotPetya. WhisperGate is a malicious software (malware) deployed by Unit 29155 cyber actors, known for their extensive use of this malware, particularly against Ukraine. The malware corrupts a system's master boot record, displays a fake ransomware note, and encrypts files based on specific file extensions. TUnspecified
2
The petya Malware is associated with NotPetya. Petya is a type of malware, specifically ransomware, that infected Windows-based systems primarily through phishing emails. It was notorious for its ability to disrupt operations and hold data hostage for ransom. Petya, along with other types of ransomware like WannaCry, NotPetya, TeslaCrypt, and Dais related to
2
The Stuxnet Malware is associated with NotPetya. Stuxnet, discovered in 2010, is one of the most infamous malware attacks in history. It was a military-grade cyberweapon co-developed by the United States and Israel, specifically targeting Iran's nuclear enrichment facility at Natanz. The Stuxnet worm infiltrated Windows systems, programming logic Unspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The APT28 Threat Actor is associated with NotPetya. APT28, also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM, is a threat actor linked to Russia. The group has been associated with cyber espionage campaigns across Central Asia and has historically targeted areas of national security, military operations, and geopolitical influUnspecified
2
The Seashell Blizzard Threat Actor is associated with NotPetya. Seashell Blizzard, also known as Iridium, Sandworm, Voodoo Bear, and APT44, is a state-sponsored threat actor group affiliated with the Russian military intelligence service (GRU). Microsoft has identified this group as distinct from other Advanced Persistent Threat (APT) groups operating under the Unspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The Eternalblue Vulnerability is associated with NotPetya. EternalBlue is a software vulnerability, specifically a flaw in the design or implementation of Microsoft's Server Message Block (SMB) protocol. This vulnerability, officially known as CVE-2017-0144, allows for the execution of arbitrary code on affected systems. It became publicly known after a groExploited
3
The Eternalromance Vulnerability is associated with NotPetya. EternalRomance is a software vulnerability, specifically an exploit for the Server Message Block version 1 (SMBv1) protocol, which was leaked by the group known as the "ShadowBrokers." It affects Windows XP, Windows Server 2003, and Windows Vista systems. This flaw allows attackers to execute arbitrUnspecified
2
Source Document References
Information about the NotPetya Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
DARKReading
a month ago
DARKReading
a month ago
DARKReading
a month ago
Flashpoint
2 months ago
DARKReading
3 months ago
DARKReading
5 months ago
CERT-EU
a year ago
CERT-EU
10 months ago
CERT-EU
10 months ago
Recorded Future
5 months ago
RIA - Information System Authority
7 months ago
RIA - Information System Authority
7 months ago
DARKReading
7 months ago
InfoSecurity-magazine
7 months ago
InfoSecurity-magazine
8 months ago
Securityaffairs
8 months ago
DARKReading
8 months ago
BankInfoSecurity
8 months ago
DARKReading
8 months ago
Recorded Future
8 months ago