July 06, 2017

New Details Emerge in 'NotPetya' Ransomware Pandemic

Security experts are still piecing together clues from the massive global cyber pandemic that occurred on June 27.

As we explained in a previous post, the cyberattack — called “NotPetya”— mostly targeted Eastern Europe. At least 60 percent of infections reported to Kaspersky Labs were aimed at Ukraine. However, Russia, Denmark, Norway, the U.K., India and the U.S. were all targeted as well.

One company that is closely investigating the NotPetya pandemic is CyberArk Labs. The company believes that when all is said and done, this new attack could surpass the June WannaCry episode that caused more than $4 billion in damages to global organizations.

So, what exactly happened on June 27?

CyberArk Labs believes that on this date, the Ukrainian government and several large enterprises were targeted by a highly coordinated ransomware attack — a type of malware that spreads very quickly across a network, locking computer endpoints and demanding payments through a cryptocurrency like Bitcoin.

According to CyberArk, the first wave of the attack was deployed by hackers who were already inside of the networks they were targeting.

“These attackers were on the network for some time and used this reconnaissance time to plan and coordinate the attack for maximum effectiveness,” stated CyberArk Senior Director of Cyber Research, R&D Yaacov Ben Naim.

Experts believe that NotPetya exploits the same “ETERNALBLUE” SMB vulnerability that WannaCry used to cascade across private networks.

Even companies that patched the ETERNALBLUE vulnerability are still susceptible to the NotPetya ransomware.

“NotPetya was disseminated via the compromised software update service from MeDoc, a distributor of tax accounting software mandated by the Ukrainian government,” stated Mohammad Tabbara, Senior Systems Engineer, UAE & Channel at Infoblox in a recent infoTECH Spotlight article. “The malware spread to more than 12,000 systems in Europe and the Americas. This new variant started spreading across networks using Windows Management Instrumentation Command-line (WMIC) or the Microsoft Server Message Block (SMB) exploit known as ETERNALBLUE. The SMB exploit is the same method used by WannaCry ransomware, and Microsoft had already released a patch for the vulnerability.”

NotPetya also contains an embedded Mimikatz module, a utility that helps to extract plaintext passwords, PIN codes, hashes and Kerberos tickets.

Once NotPetya was deployed inside of the Ukrainian government’s networks, the majority of targeted systems crashed within just one hour after the attack launch. Then, subsequent attacks spread into Russia before expanding globally through phishing emails.

A big reason why the malware was so effective is that after the ransomware spread, it would wait a random amount of time, between 10 and 60 minutes, before rebooting the system. This caused the slim boot loader to deploy, encrypting the Master Boot Loader and preventing users from restarting their systems.

Who is responsible for the cyberattack?

As of right now, the responsible party is still unknown. However, a public statement was recently posted on the dark Web from a group claiming to be responsible for creating the NotPetya software. According to CNET, the group demanded a payment of 100 bitcoin (or about $250,000) in exchange for a decryption key that could unlock any file under NotPetya’s control.

At the beginning of the NotPetya pandemic, hackers were only asking for about $300 per locked machine. Experts believe that the price increase could be an indicator that nation-state attackers could be behind the attacks, although this is still just a theory.

A new breed of hacktrepeneurs has awoken and they have little to fear and everything to gain by infecting as many companies as possible and extorting money from them. Apex Technology Services stands ready to protect your company regardless of whether it’s located in New York City; White Plains, New York; Connecticut; Australia; Europe; or anywhere else. Our full suite of cybersecurity and IT support services is at your disposal, enabling you to spend less time worrying about and more time growing your business.

To ensure your security, consider one of our most popular services — Auditing & Documentation, which pinpoints vulnerabilities in your infrastructure, process flow and internal security procedures.
