NotPetya is malware that was first seen in a worldwide attack starting on June 27, 2017. The main purpose of the malware appeared to be to effectively destroy data and disk structures on compromised systems. Though NotPetya presents itself as a form of ransomware, it appears likely that the attackers never intended to make the encrypted data recoverable. As such, NotPetya may be more appropriately thought of as a form of wiper malware. NotPetya contains self-propagating (“wormable”) features to spread itself across a computer network using the SMBv1 exploits EternalBlue and EternalRomance. [1]
Associated Software Descriptions
- NotPetya [1]
- Exploitation of Remote Services - NotPetya initially infected IT networks, but by means of an exploit (particularly the SMBv1-targeting MS17-010 vulnerability) spread to industrial networks. [2]
- Lateral Tool Transfer - NotPetya can move laterally through industrial networks by means of the SMB service. [2]
- Loss of Productivity and Revenue - NotPetya disrupted manufacturing facilities supplying vaccines, resulting in a halt of production and the inability to meet demand for specific vaccines. [3]
The following groups use this software: