NotPetya Much Worse Than WannaCry

NotPetya was 2017's most damaging ransomware attack, according to analysis from malware experts, beating notable campaigns such as Locky and WannaCry.

While WannaCry gained notoriety through sky-high infection rates and its impact on the NHS, which saw 81 of its bodies affected, researchers from security company Webroot said that the less widespread NotPetya outbreak was actually more dangerous, due to the fact that it was specifically engineered to disrupt and damage important systems.

The two malware strains are heavily based on the same exploit, a flaw in Windows Server Message Block system codenamed EternalBlue, which was part of a series of alleged NSA hacking tools dumped by the Shadow Brokers.

"This past year was unlike anything we've ever seen," said Webroot's vice president of engineering and cyber security, David Dufour. "Attacks such as NotPetya and WannaCry were hijacking computers worldwide and spreading new infections through tried-and-true methods.

"Although headlines have helped educate users on the devastating effects of ransomware, businesses and consumers need to follow basic cyber security standards to protect themselves."

A variant of the Petya ransomware from last year, NotPetya was first discovered in June 2017. Unlike most ransomware, NotPetya wasn't designed to encrypt files in order to extort money from victims. Instead, its goal was to wreak as much havoc on systems as possible, spreading within networks and permanently scrambling filesystems.

In fact, the researchers discovered that its resemblance to ransomware was nothing more than a cover to disguise its true purpose - even if victims paid, there was no way for NotPetya's creators to decrypt their files.

NotPetya, WannaCry and Locky were dubbed the nastiest malware campaigns of 2017 by Webroot, with other strains such as Cerber, CrySis and Nemucod also making the list.

ITPro:

You Might Also Read:

UK Health Service Should Have Prevented WannaCry Attack:

Postmortem: WannaCry Ransomware Explained:

Microsoft Chief Says N. Korea Was Behind 'WannaCry':

« Russian Hacking Went Far Beyond US Election
Bank Robbery: Cyber Criminals Steal $1Billion »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

FlashRouters

FlashRouters

FlashRouters offers DD-WRT compatible router models with improved performance, privacy/security options, and advanced functionality.

Kaseya

Kaseya

Kaseya is a premier provider of unified IT management and security software for managed service providers (MSPs) and small to medium-sized businesses (SMBS).

Rubicon Workflow Solutions

Rubicon Workflow Solutions

Rubicon is a leading provider of managed IT support and strategic services, specialising in creative and mixed platform environments.

Security University

Security University

Security University is a leading provider of Qualified Hands-On Cybersecurity Education, Information Assurance Training and Certifications for IT and Security Professionals.

Sera-Brynn

Sera-Brynn

Sera-Brynn is one of the highest-ranked, pure-play cybersecurity compliance and advisory firms in the world.

Critical Start

Critical Start

Critical Start provides Managed Detection and Response services, endpoint security, threat intelligence, penetration testing, risk assessments, and incident response.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.

StrataCore

StrataCore

StrataCore is a single-source technology lifecycle advocate that works behind IT teams as a strategic partner to help them achieve peak enterprise outcomes.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

Dutch Institute for Vulnerability Disclosure (DIVD)

Dutch Institute for Vulnerability Disclosure (DIVD)

DIVD's aim is to make the digital world safer by reporting vulnerabilities we find in digital systems to the people who can fix them.

Avocado Consulting

Avocado Consulting

Avocado helps clients deliver with certainty on their complex IT change, with technology services that automate, monitor and optimise.

Oleria Security

Oleria Security

Oleria is the only adaptive and autonomous security solution that helps organizations accelerate at the pace of change, trusting that data is protected.

The Hacking Games

The Hacking Games

The Hacking Games' Mission is to inspire, educate and mobilise a generation of ethical hackers to make the world a safer place.

Aliro Security

Aliro Security

AliroNet is the world’s first entanglement Advanced Secure Network solution.

Cyber Qubits

Cyber Qubits

Cyber Qubits is a cybersecurity training and consulting company focused on developing the next generation of cybersecurity professionals.

Pontiro

Pontiro

At Pontiro, we are enabling a new era of data-sharing. Bridging the gap between protected data and valuable insights through the use of cutting edge Homomorphic Encryption.