ExPetr

  • First known sample

    2017
  • Discovery

    2017
  • Number of targets

    1000-3000
  • Current status

    Active
  • Type

    Data destroyer
  • Targeted platforms

    Windows
  • TOP targeted countries

    Germany, Italy, Poland, Russia, Ukraine
  • Connected attacks

  • The way of propagation

    Exploits, Watering hole attacks
  • Purpose/Functions

    Data wiping, Stealing money
  • Special features
    Our analysis indicates that ExPetr/NotPetya has been designed with data destruction in mind. To launch this attack, its authors have carefully created destructive malware disguised as ransomware. While some parts of this destructive malware still operate as original building blocks, meaning they might be mistaken for ransomware, their true purpose is destruction, not financial gain.
  • Targets

    Energy, oil and gas companies; Financial institutions; Wide range of targets; Energy
  • Description

    A series of “ransomware” attacks targeting businesses in Ukraine, Russia, and the US in the summer of 2017. The victims’ files were encrypted, and the victims were told the files would be returned once $300 in bitcoins was delivered. In reality, however, it was a wiper: the victims’ files couldn’t be decrypted even after the ransom was paid.
