The attack caused more than $10 billion in damages in 2017.
The NotPetya malware primarily targeted Ukraine, but infected computers in countries around the world.
Computer users who experienced the attack received a message on their screens that read: “Ooops, your important files are encrypted.” Infected computers were irreversibly locked and their users could no longer access any files until they paid a ransom of $300 in Bitcoins.
Many tried to restart their computers in an attempt to outsmart the malware, but rebooting only returned them to the same black screen.
Experts believe that Ukrainian tax software was originally infected and quickly spread the malware. Hackers hijacked the M.E.Doc update servers to give themselves a hidden backdoor, which was then used to release the NotPetya malware.
NotPetya used two powerful hacker tools working in tandem, EternalBlue and Mimikatz:
EternalBlue was a penetration tool created by the US National Security Agency that was leaked during a breach of the agency’s secret files in 2017.
Mimikatz was a research tool developed in France to demonstrate that MS Windows left users’ passwords in their computers’ memory.
EternalBlue allowed the malware to run malicious instructions using administrative access gained through Mimikatz. As a result, the worm spread quickly beyond Ukraine and out to countless computers around the world. This made NotPetya the most expensive malicious cyber incident on record.