ExPetr
-
First known sample
2017 -
Discovery
2017 -
Number of targets
1000-3000 -
Current status
Active -
Type
Data destroyer -
Targeted platforms
Windows -
TOP targeted countries
Germany , Italy , Poland , Russia , Ukraine -
Connected attacks
-
The way of propagation
Exploits , Watering hole attacks -
Purpose/Functions
Data wiping , Stealing money -
Special features
Our analysis indicates that ExPetr/NotPetya has been designed with data destruction in mind. To launch this attack, its authors have carefully created a destructive malware disguised as ransomware. While some parts of this destructive malware still operate as original building blocks, meaning they might be mistaken for ransomware, their true purpose is destruction, not financial gain. Please find more information here, here and here.
-
Targets
Energy, oil and gas companies , Financial institutions , Wide range of targets , Energy -
Description
A series of “ransomware” attacks targeting businesses in Ukraine, Russia, and the US in the summer of 2017. The victims’ files were encrypted and told they’d be returned once $300 in bitcoins was delivered. However, in reality, it was a wiper—the victims’ files couldn’t be decrypted even after the ransom was paid.