NotPetya: the cyber attack that changed the face of cyber security

In the summer of 2017, we witnessed a cyber attack of unprecedented proportions, starting from Russia and aimed at Ukraine. This episode, known as NotPetya, represents one of the most devastating examples of cyber warfare, highlighting how today's hostilities can also manifest themselves through cyberspace. The Ukrainian company Linkos, producer of the accounting software MeDoc, became the starting point of this attack. The updated software proved to be a vehicle for the virus, quickly infecting a vast computer network and causing immense damage around the world. This event highlights how digital infrastructures have become strategic objectives in modern conflicts.

The devastating impact on Ukraine

The NotPetya attack had serious consequences in Ukraine, with multiple sectors affected: seven banks, airports, the Kyiv metro, the national railway company, media, electricity providers, telephone operators, hospitals, clinics, and distribution chains. The radioactivity sensors at Chernobyl also stopped working. Estimates indicate that nearly one in ten computers in Ukraine was rendered inoperable, causing a significant loss of GDP. Some businesses took months to recover. The collaboration with Talos, Cisco's IT security division, was fundamental, as it helped identify the spread of the virus via MeDoc, confirming the sophistication of the attack.

Global damage and ripple effects

The repercussions of NotPetya were not limited to the Ukrainian borders. Global companies such as FedEx, Maersk, Mondelez, and Merck suffered significant disruptions to their operations. At the Paris headquarters of BNP Paribas, almost all of the computers were rendered useless, forcing employees to return to traditional methods of communication. Experts launched a global race to understand the genesis and spread of NotPetya, identifying the MeDoc software as the initial vector. The speed of propagation of the virus, capable of paralyzing thousands of machines in a few minutes, surprised many, revealing an autonomous replication capacity integrated by its creators.

The genesis and attribution of the attack

NotPetya stood out from other ransomware due to its nonchalance towards the ransom. Even paying the required $300 in bitcoin, the compromised data was not recovered. This suggested that the objective of the attack was not economic, but purely destructive. The investigation led to the identification of unit 74455 of the GRU, Russia's military intelligence service, as the mastermind behind the operation. The United States and the United Kingdom officially declared Russia responsible in early 2018. In 2020, several GRU officers were indicted by American justice, confirming the involvement of senior Russian military officials in the conception and implementation of NotPetya, highlighting the dangerousness of Cyber warfare in the modern geopolitical context.