NotPetya (2538e0fe-1290-4ae1-aef9-e55d83c9eb23)

NotPetya is malware that was used by Sandworm Team in a worldwide attack starting on June 27, 2017. While NotPetya appears as a form of ransomware, its main purpose was to destroy data and disk structures on compromised systems; the attackers never intended to make the encrypted data recoverable. As such, NotPetya may be more appropriately thought of as a form of wiper malware. NotPetya contains worm-like features to spread itself across a computer network using the SMBv1 exploits EternalBlue and EternalRomance.[Talos Nyetya June 2017][US-CERT NotPetya 2017][ESET Telebots June 2017][US District Court Indictment GRU Unit 74455 October 2020]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Sandworm Team (16a65ee9-cd60-4f04-ba34-f2f45fcfc666) | Tidal Groups | NotPetya (2538e0fe-1290-4ae1-aef9-e55d83c9eb23) | Tidal Software | 1 |