Microsoft announced that they have “identified evidence of a destructive malware operation targeting multiple organizations in Ukraine (UKR). This malware first appeared on victim systems in UKR on January 13, 2022.” They added that the malware is “designed to look like ransomware but lacking a ransom recovery mechanism, is intended to be destructive and designed to render targeted devices inoperable rather than to obtain a ransom.” To me this sounds very similar to NotPetya, which was a virus released by the Russian hacker group Sandworm in 2017.
NotPetya disguised itself as Petya ransomware, however, it spreads and gains access without human interaction. It utilized a backdoor planted in M.E.Doc, a popular accounting software package used universally by companies across UKR. From M.E.Doc, the malware spreads on its own to other computers using EternalBlue and EternalRomance, two programs created by the NSA to bypass Windows security. Data and files are then permanently encrypted or destroyed. Messages of payment to regain access are fake and will do nothing to save a computer. Then, using a program called Mimi Katz, NotPetya extracts admin logins, passwords, and credentials from the computer’s memory and RAM to gain access to broader networks and spread to other devices.
On the day of the attack, NotPetya was implemented into the computers of Linkos Group, a small UKR software business, and it spread like wildfire. Within hours, the self-propagating malware spread across the world, infecting devices in Europe, Asia, the Americas, and even back to Russia. For UKR, the damage was extensive. In just 24 hours, it is estimated that 10 percent of all computers in the country were wiped. Oschadbank, Ukraine’s second-largest bank, was brought down within 45 seconds. Radiation monitors at the abandoned Chernobyl power plant were even disabled. Shipping giant A.P. Moller-Maersk faced up to $300 mil in damages because of the malware, which seized terminal operations and caused weeks of delay. The estimated global cost of damages caused by NotPetya exceeded $10 billion. The US called it the “most destructive and costly cyber-attack in history.”