NotPetya (2017)
NotPetya is one of the most notorious cyberattacks in history, believed to have been initiated by a state-sponsored actor. The malware rapidly spread across the globe, affecting thousands of computers in numerous organizations and causing significant disruptions.
The malware was named NotPetya because, at first glance, it appeared to be a variant of the Petya ransomware, which had been previously identified and studied by cybersecurity experts. Petya was known for encrypting the master boot record (MBR) of infected systems, preventing them from booting up, and then demanding a ransom.
However, as researchers examined this new variant more closely, they found significant differences in its operation and intent. While Petya was genuine ransomware that gave victims the possibility (though not a guarantee) of decrypting their files after paying a ransom, NotPetya was designed more as a wiper, with the primary objective of causing destruction and disruption. Its encryption was done...