NotPetya Cyber Attack - Just A Latest Weapon For Political War By Juhi Afreen

5 July 2017

NotPetya uses the SMBv1 exploit 'EternalBlue', just as WannaCry did in May. It was first detected attacking Ukrainian financial institutions and has since spread on a massive scale across Europe, North America, South America and Asia. NotPetya is spreading rapidly through corporate networks in the same way that WannaCry did last month. However, unlike other types of ransomware, it does not encrypt files on infected machines individually. Instead, it locks the entire hard drive of the computer.

Is NotPetya A Cyber Weapon?


On 27 June 2017, when NotPetya infected thousands of PCs simultaneously in regions around the world, cyber security experts began analyzing the malware, each in their own way. Experts from cyber security firms have concluded in their reports that data encrypted by NotPetya ransomware cannot be recovered even after the ransom is paid. The purpose of this malware is to destroy data on the target PC rather than to make money. The Petya code is also known under the following names:


  • Petya-esque Ransomware

  • NotPetya Ransomware

  • Petrwrap Ransomware

  • GoldenEye Ransomware

  • Win32/Diskcoder.C Ransomware

  • Petwrap Ransomware

  • Ransomware

  • Petya.2017

  • Petya (Petya.A) Ransomware


All of them contain certain clues that point to permanent data loss. This is the worst-case situation, because you will not be able to access the encrypted files even after contacting or communicating with the NotPetya developer.

Why is data encrypted by NotPetya unrecoverable?


NotPetya does not use a command-and-control server; instead, it generates a random infection ID to store victim information as well as the unique decryption key. But because NotPetya creates random data for each ID, data recovery is impossible. This confirms that NotPetya's purpose is destructive rather than financially motivated. According to reports, the original master file table (MFT) encrypted by NotPetya cannot be decrypted. The damage done to the disk is permanent and irreversible.


It turns out that the aim of NotPetya is definitely not to make money. It only makes the target files unusable and has no decryption key to provide to victims. Disguising disk wipers as ransomware now seems to have become a trend. Many cyber experts place NotPetya in the cyber-weapon category.


The main targets are Ukrainian users and their employees, who are pointing fingers at Russia, which has been accused of developing and supporting malware threats many times in the past. There could be a political angle too, and NotPetya could be on the same level as malware families such as "BlackEnergy" and "Stuxnet" that had political ends. Of course, NotPetya is much more than normal ransomware.

About the Author

A blogger for whom the internet is a best friend, and quite skilled in design. By profession she is a content writer, and she is extremely fond of anything related to cyber security and the latest malware. She usually writes blogs on Fix Infected PC, a website that publishes daily updates on newly found threats and helps victims eliminate malware from infected PCs.
