One of the most striking cyber attacks to affect organizations on a global scale is NotPetya. At first glance it looked like a regular ransomware attack, but it took a turn for the worse and ended up as a devastating global cyber pandemic.
NotPetya targeted computers around the world and left a trail of destruction in its wake, which cost billions of dollars in damages. After this cyberattack, organizations across the globe changed their approach to cybersecurity in order to avoid becoming the next victim of such a brutal cyber attack.
What is NotPetya?
NotPetya surfaced in June 2017. Exactly where it originated remains a mystery, but it is believed to have started in Ukraine; soon afterwards it spread quickly and infected other systems across Europe, Asia and North and South America. What characterizes NotPetya is its ability to infiltrate systems by exploiting a vulnerability in the Windows operating system. The malware is able to spread and multiply within systems and networks without any user interaction.
Compared to traditional ransomware, which encrypts files and demands a ransom for access to a decryption key, NotPetya is a lot more brutal and destructive: it makes the infected systems unusable.
So what is the motive behind using the NotPetya ransomware? At first it seemed like a normal ransomware attack meant to get some money out of the victim, like the BlackCat ransomware. The malware, however, has a much more sinister purpose: it is designed to cause widespread disruption, not to extort money from its victims.
The main targets were Ukrainian governmental organizations and businesses, including financial institutions and energy companies. This has led many experts to believe that the attacks were politically rather than financially motivated, and thus planned and executed by state-sponsored hacking groups.
NotPetya had an international impact: it hit multiple countries and corporations, including critical infrastructure providers, and governmental organizations were completely paralyzed. The malware quickly and brutally encrypted files and thus made crucial company data inaccessible. Maersk, one of the world's leading and largest shipping companies, was among the most high-profile victims of the attack.
The attack forced the shipping company to stop operations at 76 ports across the globe, which then caused significant financial losses and logistical disruptions.
Other big organizations that were struck by the attack include the pharmaceutical giant Merck, WPP (an advertising firm), and the food company Mondelez. Recovering from the damage caused by the attack cost the affected organizations billions of dollars, which made the NotPetya attack one of the most expensive cyberattacks in history.
What we’ve learned from NotPetya
The NotPetya attacks have emphasized the need for a great shift in how organizations handle cybersecurity. One of the key takeaways from the attacks was how important it is to apply security patches and updates as quickly as possible.
In NotPetya’s case, the malware exploited a vulnerability that Microsoft had already addressed months before the attack. Organizations that hadn’t installed the security patch were therefore even more vulnerable to becoming victims. This underlines the importance of installing software updates as soon as they’re available.
Another thing we’ve learned from the attack is how important it is to have good and secure backups of our files and systems. Good disaster recovery mechanisms are essential to any organization.
Organizations that have strong and secure backup systems will be able to restore data and resume operations more quickly than organizations that don’t have proper backup systems.
The Evolution of Cybersecurity
The NotPetya attack was a wake-up call for businesses and governments across the world. In the wake of the attacks, several organizations and businesses invested in cybersecurity, which made their defenses a lot stronger.
Another thing that NotPetya brought about was international cooperation in addressing cyber threats. Both countries and cybersecurity companies collaborated in the fight against cybercrime, sharing experiences, strategies, threat intelligence and tools to prevent future attacks.
NotPetya also prompted a reevaluation of cybersecurity strategies, which highlights how crucial it is to be proactive and one step ahead of the hackers. The methods and approaches include securing network perimeters as well as a focus on internal network segmentation, awareness training and incident response plans.
The attack we’ll remember
The NotPetya attack will be remembered for a long time. It was one of the greatest and most damaging cyber attacks we’ve seen so far. It was at a scale that we’ve never seen before, at a speed that hasn’t been experienced before, with a sophistication that forced many organizations to rethink their approach to cybersecurity.
This has, fortunately, led to a more vigilant approach to, and greater awareness of, cybersecurity. Some companies and organizations can still feel the damage NotPetya caused, which stands as a reminder of how powerful this and future cyber attacks are.
We’re all vulnerable to cyber attacks and should be aware of the risks that come with improper cyber defenses. There is a time before and after NotPetya, and we should stand stronger than the organizations did when they were hit by the brutal cyber attack. And we do this with cybersecurity.
Caroline Preisler is a copywriter here at Moxso alongside her studies. She is doing her Master's in English and specializes in translation and the psychology of language. Both fields deal with communication between people and how to create a common understanding, and these elements are incorporated into the copywriting work she does here at Moxso.