As technology advances, cyber and malware attacks have increased over the past decades. These attacks have called the world's cybersecurity into question. Different forms of ransomware have created a tremendous hazard in the cyber world. One of the major malware attacks that multinational companies have had to face was the NotPetya attack.
What happened at Maersk?
Maersk, the biggest container ship and supply vessel operator in Denmark, was hit by an unexpected ransomware attack on 27 June 2017. The company was badly affected by malware known as NotPetya, and around 4000 to 40000 servers and PCs were under attack. The attackers spread the malware after seizing control of the software update mechanism of M.E.Doc, the de facto standard accountancy package for firms doing business in Ukraine.
What is NotPetya malware?
NotPetya is an advanced version of the Petya malware, which was discovered in 2016. Petya ransomware encrypts the data of the infected system and demands a ransom in bitcoin to restore access. It mainly targets Microsoft-based systems, encrypts the files on the hard drive and prevents Windows from booting. NotPetya has more features than Petya, which help it spread and infect systems. NotPetya is considered a cyber attack against Ukraine, but the malware affected not only that target but also machines all over the world. It infected many multinational companies, including Maersk, during 2016-17.
Is NotPetya more dangerous than the earlier form?
Both Petya and NotPetya target system files, encrypt them, and demand a ransom in bitcoin. Petya arrives as email spam and has to be downloaded by the victim before it starts to encrypt the system. NotPetya, by contrast, infects machines without the user's knowledge and uses a variety of techniques to spread, including EternalBlue and EternalRomance, two exploits developed by the United States. It takes advantage of a tool called Mimikatz to find network administration documents in the infected system, and uses the PsExec and WMIC tools built into Windows to reach other computers on the local network and infect them as well. It encrypts everything on the master boot record and seriously affects the user's hard drive. NotPetya is more dangerous than Petya, as it damages the system in a way that is impossible to repair to its original state.
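A defensive sketch of how the PsExec and WMIC spreading described above can be spotted in process-creation logs, added here as an example and not taken from the original article: it flags a host that starts remote commands on several distinct machines within a short window. The event tuples, host names, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed process-creation events (time, source host, command line); all values are made up.
SAMPLE_EVENTS = [
    ("2017-06-27T10:00:01", "WS-014", r'wmic.exe /node:10.0.0.21 process call create "cmd.exe /c hostname"'),
    ("2017-06-27T10:00:09", "WS-014", r"psexec.exe \\10.0.0.22 -s cmd.exe /c hostname"),
    ("2017-06-27T10:00:15", "WS-014", r'wmic /node:"10.0.0.23" process call create "cmd.exe /c hostname"'),
    ("2017-06-27T09:00:00", "ADMIN-01", r"psexec \\FILESRV01 -s ipconfig"),
    ("2017-06-27T11:30:00", "ADMIN-01", r'wmic /node:FILESRV02 process call create "gpupdate /force"'),
    ("2017-06-27T14:00:00", "ADMIN-01", r"psexec64.exe \\FILESRV03 -s ipconfig"),
    ("2017-06-27T10:01:00", "WS-020", r"wmic /node:10.0.0.5 os get caption"),
]

# WMIC counts only when it starts a process on another machine; PsExec when aimed at a \\remote host.
WMIC_RE = re.compile(r'\bwmic(?:\.exe)?\s.*?/node:"?([\w.\-]+).*\bprocess\s+call\s+create\b', re.I)
PSEXEC_RE = re.compile(r"\bpsexec(?:64)?(?:\.exe)?\s+.*?\\\\([\w.\-]+)", re.I)

def remote_target(cmdline):
    """Return the remote host a command executes on, or None if it does not run one remotely."""
    for pattern in (WMIC_RE, PSEXEC_RE):
        match = pattern.search(cmdline)
        if match:
            return match.group(1).lower()
    return None

def fan_out_hosts(events, min_targets=3, window=timedelta(minutes=5)):
    """Map each source host to its targets if it reached min_targets hosts inside one window."""
    per_source = defaultdict(list)
    for ts, source, cmdline in events:
        target = remote_target(cmdline)
        if target:
            per_source[source].append((datetime.fromisoformat(ts), target))
    flagged = {}
    for source, hits in per_source.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide the window forward
                start += 1
            targets = {t for _, t in hits[start:end + 1]}
            if len(targets) >= min_targets:
                flagged[source] = sorted(targets)
                break
    return flagged

if __name__ == "__main__":
    print(fan_out_hosts(SAMPLE_EVENTS))
```

The administrator host in the sample touches three servers over several hours and stays below the threshold, which is why the time window matters as much as the target count.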
How did Maersk recover from the attack?
As the attack was serious, the company took immediate action: IT experts gathered to track, identify, and remove the malware from affected systems in order to restart operations. Internal and external communications were established, and the company sent out daily updates about its dealings. It also issued instructions covering the actions required for customers.
Is NotPetya still active in the cyber world?
Studies have shown that the effects of NotPetya are still being felt in different countries, and experts claim that this malware could recur in a larger form than the earlier version. The only possible way to avoid a data breach is to update the system and its applications regularly. Avoid downloading unknown attachments, and create a strong, unique password to protect the system from any kind of malware attack.