This blog breaks down what NotPetya is, how it spreads, and how businesses can protect themselves from similar threats. Cyberattacks like NotPetya show why strong security measures, regular updates, and backups are critical for every organisation.
Key Takeaways
- NotPetya ransomware caused worldwide disruption in 2017
- It was originally believed to be ransomware but was later identified as a destructive wiper
- The attack primarily targeted Ukraine but spread globally
- Protecting against such attacks requires cybersecurity hygiene and solid backup plans
- Companies like Maersk, Merck, and FedEx suffered massive financial losses
What is NotPetya Ransomware?
NotPetya ransomware first appeared in June 2017, disguising itself as an updated version of the Petya ransomware. Unlike Petya, which encrypts files for ransom, NotPetya had a different goal—wiping data beyond recovery.
Key Differences Between Petya and NotPetya:
- Petya – Encrypts files and demands ransom for decryption
- NotPetya – Pretends to offer decryption but wipes data, making recovery impossible
NotPetya spread by exploiting the EternalBlue vulnerability, the same flaw used in the WannaCry attack. It also used stolen credentials to move across networks, making it highly contagious.
How NotPetya Spread Across the Globe
The attack started through compromised updates of MeDoc, a popular accounting software in Ukraine. Once inside a system, NotPetya used multiple methods to spread:
- EternalBlue vulnerability – Exploiting unpatched systems
- Phishing emails – Fake messages tricking users into downloading infected files
- Credential theft – Using Mimikatz to steal login details and spread laterally
By the time businesses realized what was happening, it had already spread worldwide, hitting sectors like shipping, healthcare, and logistics.
The Impact of NotPetya Ransomware
NotPetya caused over $10 billion in damages. Companies like Maersk and FedEx experienced massive disruptions, and governments had to rethink their cybersecurity strategies.
Notable affected organizations:
- Maersk – Lost nearly $300 million, forced to reinstall thousands of systems
- Merck – Struggled with production losses, leading to lawsuits over insurance claims
- FedEx – Their TNT Express division faced serious operational delays
The attack forced businesses to take cybersecurity more seriously, highlighting the importance of patch management and response planning.
Technical Breakdown of NotPetya
NotPetya’s technical design made it extremely effective in causing damage. Once inside a system, it performed the following actions:
- Data encryption or wiping – Overwriting the Master Boot Record (MBR), making recovery impossible
- Credential theft – Using tools like Mimikatz to extract passwords
- Lateral movement – Spreading across networks through SMB vulnerabilities
Unlike traditional ransomware, NotPetya didn’t provide any way to recover data, proving it was meant for destruction, not profit.
How to Protect Against Ransomware Attacks Like NotPetya
Preventing similar attacks starts with basic cybersecurity steps:
- Patch management – Keep systems updated to fix vulnerabilities like EternalBlue
- Regular backups – Store backups offline to prevent ransomware from spreading to them
- Security software – Use strong endpoint protection and firewalls
- Employee training – Teach staff to spot phishing emails and avoid suspicious links
Businesses that follow these steps are less likely to fall victim to ransomware attacks.
Case Studies: Organizations Affected by NotPetya
Maersk
Maersk, the shipping giant, faced massive disruptions when NotPetya hit. Their entire IT infrastructure needed to be rebuilt from scratch, costing the company millions.
Merck
The pharmaceutical company experienced production halts and supply chain issues. Legal battles followed over whether insurance covered the damages.
FedEx
Their operations in Europe were severely impacted, with shipments delayed for weeks.
What to Do If Infected by Ransomware Like NotPetya
If a ransomware attack hits your organisation, act fast:
- Isolate affected systems – Disconnect infected devices to stop the spread
- Call cybersecurity professionals – Seek expert help for containment and recovery
- Check backups – Restore clean data from secure backups
- Report the attack – Notify relevant authorities and comply with regulations
Lessons Learned from the NotPetya Attack
After NotPetya, many organisations made major changes to their cybersecurity strategies. Governments also stepped in, introducing stricter regulations and encouraging better cyber defence measures.
Key takeaways include:
- More emphasis on incident response planning
- Stricter software update policies
- Stronger collaboration between companies and cybersecurity agencies
FAQs About NotPetya Ransomware
Is NotPetya ransomware or a wiper?
NotPetya is a wiper, designed to destroy data beyond recovery, even though it appeared as ransomware.
How did NotPetya spread so fast?
It exploited the EternalBlue vulnerability and used stolen credentials to move across networks.
Can NotPetya be decrypted?
No. Due to its wiping nature, data recovery is not possible without backups.
Who was responsible for NotPetya?
It’s widely believed to be a state-sponsored attack linked to Russia, targeting Ukrainian infrastructure.
How can businesses prevent similar attacks?
Regular updates, strong security policies, and employee awareness training are crucial.
Staying protected against ransomware attacks like NotPetya ransomware requires constant vigilance. Regular system updates, strong backups, and cybersecurity training should be standard for every business.
For expert guidance on cybersecurity, X-PHY provides advanced solutions to help protect your organisation from potential threats. Cyberattacks can strike anytime—be prepared with X-PHY.