On the afternoon of June 27, 2017, at A.P. Møller-Maersk, confused employees began to gather at the help center in twos and threes, almost all of them carrying their laptops. Messages in red and black letters appeared on the machines' screens. Some read “repairing the file system in C:” with a strong warning not to turn off the computer. Others, more surreptitiously, read “oops, your important files are encrypted” and demanded a payment of $300 in bitcoin to decrypt them. This was the work of NotPetya.

At around 3 p.m., a Maersk executive entered the room where a dozen or more employees of the maritime company were waiting for news and told them to go home. The Maersk network was so deeply corrupted that there was nothing even the IT staff could do.

The maritime giant that used that network, responsible for 76 ports across the globe and for nearly 800 shipping vessels, including container ships that carried tens of millions of tons of cargo, representing about a fifth of the world’s shipping capacity, was dead in the water.

What was the goal of NotPetya?

NotPetya was powered by two powerful hacking tools working in tandem. One was a penetration tool known as EternalBlue, created by the United States National Security Agency and leaked after a successful breach of the agency’s top-secret files in early 2017. EternalBlue exploits a vulnerability in a particular Windows protocol, allowing hackers to remotely run their own code on any unpatched machine.

NotPetya's architects combined that digital passkey with an older invention known as Mimikatz, created by French security researcher Benjamin Delpy in 2011. Delpy had originally released Mimikatz to demonstrate that Windows left user passwords in computers' memory. Once hackers gained initial access to a computer, Mimikatz could pull those passwords out of RAM and use them to break into other accessible machines with the same credentials. In networks with multi-user computers, it could even allow an automated attack to hopscotch from one machine to another.

NotPetya took its name from its resemblance to the Petya ransomware, which appeared in early 2016 and extorted victims into paying for a key to unlock their files. But the NotPetya ransom messages were just a ruse: the malware’s goal was purely destructive. It irreversibly encrypted computers’ master boot records. Any ransom payment the victims tried to make was useless.

Within hours of its first appearance, the worm spread beyond Ukraine to countless machines around the world, from the US to Tasmania. It hurt multinational companies such as Maersk, the pharmaceutical giant Merck, FedEx's European subsidiary TNT Express, the French construction company Saint-Gobain, the food producer Mondelēz and the manufacturer Reckitt Benckiser. In each case, it inflicted nine-figure costs. It even spread to Russia, hitting the state oil company Rosneft.

According to estimates, the damage from the NotPetya cyberattack amounts to $10,000 million and that of WannaCry to between $4,000 and $8,000 million. We can therefore affirm that NotPetya is considered the most expensive cyberattack in history, and we hope that it will not be surpassed, at least for now.

