NotPetya is a new ransomware that resembles its predecessor, Petya, in many respects. It was released on 28th June 2017. Although the two are similar, NotPetya has some noticeable differences. It affected more than 2000 organizations and mainly targeted Ukraine. Like Petya, NotPetya also encrypts the whole hard disk instead of the MFT (master file table). NotPetya also uses the EternalBlue vulnerability (CVE-2017-0144), which was also used by WannaCry.

The major difference between Petya and NotPetya is that Petya becomes functional through a phishing email, while NotPetya spread rapidly without any prior warning to users.

Here are some interesting facts about NotPetya:

  1. Not an authentic ransomware: There was no genuine decryption-for-payment option, hence NotPetya’s ransom requests were fraudulent. Even for those who were prepared to pay, there was no decryption key: NotPetya irrevocably encrypted master boot data after a quick machine reboot. Misdirections from perhaps unaffiliated hackers requesting bitcoin in exchange for file decryption persisted for weeks following the incident. Think about this: victims were instructed to add an identifier (a unique number displayed on their screens) to their bitcoin transaction so that the perpetrators could remotely decrypt their computer, but the identifier turned out to be randomly generated. NotPetya was not ransomware.
  2. The damage costs are enormously high compared to others: Tom Bossert, a former cybersecurity specialist for Homeland Security, estimated that the loss was $10 billion. The cost of the ransomware assault on the city of Atlanta in March 2018 is only 0.01% of this. Given the staggering losses incurred by large, multinational corporations, including the pharmaceutical giant Merck ($870 million), the Cadbury chocolate manufacturer Mondelēz ($188 million), and FedEx’s European subsidiary TNT Express ($400 million), it is easy to arrive at the $10 billion total of (acknowledged) NotPetya losses. For comparison, the projected cost of the WannaCry ransomware assault, which occurred one month before NotPetya, ranges from $4 billion to $8 billion.
  3. Real-world damage is far beyond imagining: Global shipping behemoth Maersk, with its headquarters in the UK, revealed economic losses of between $250 million and $300 million, which are reportedly significantly underreported. However, the multinational’s powerlessness in the face of a complete shutdown, despite having 800 vessels and 76 ports, is a prime illustration of the havoc NotPetya created in the real world. All of their internet-connected devices were compromised simultaneously and instantly. These comprised physical access settings, routers, VoIP phones, 4,000 servers, 45,000 workstations, and other equipment. To reconstruct the Maersk network, 200 Maersk employees and 400 Deloitte contractor equivalents worked around the clock for 10 days. It took several additional months for the program to start functioning normally.
  4. It uses two awful exploits, unlike others that rely on a single exploit: EternalBlue and Mimikatz, two well-known exploits for earlier versions of Windows, were used in NotPetya. While the EternalBlue vulnerability allows outsiders to run their own code on the server side, Mimikatz allows access to passwords held in memory, which can be used for attacks on single or multiple machines. These combined to make NotPetya an ideal weapon. It was quick and didn’t require user action like a trojan would. It moved quickly and easily between systems, gaining access to administrator credentials. Within 45 seconds, the network of a major Ukrainian bank was brought down, and within 16 seconds, a portion of the nation’s transit centre was completely compromised.

For further information, you can also follow this link: https://youtu.be/3ePg-sbWpao

