NotPetya malware attributed

16 February 2018

On 16 February 2018, Minister for Law Enforcement and Cybersecurity Angus Taylor issued a media release saying, “The Australian Government has joined the governments of the United States and the United Kingdom in condemning Russia’s use of the ‘NotPetya’ malware to attack critical infrastructure and businesses in June 2017.”

NotPetya interrupted the normal operation of banking, power, airports and metro services in the Ukraine where the brunt of the impact was felt. The malware then spread globally, costing international businesses hundreds of millions of dollars.

NotPetya was a large-scale cyber incident that also affected organisations in:

  • Europe
  • United States
  • Asia.

What did it do?

The malware locked the files on computers it was installed on, and then used a publicly known vulnerability in Windows to access and infect other computers.

It was initially thought to be a variant of the "Petya" ransomware – a type of malicious software that made data or systems unusable until the victim made a payment, but it soon became clear that it was different. It earned the name "NotPetya" because it disguised itself as ransomware like Petya but unlike Petya its purpose was to spread quickly and cause damage to ICT networks rather than raise money.

Impacts

A number of companies operating in Australia were affected, mostly multinational organisations with a presence in Ukraine. The Australian Cyber Security Centre (ACSC) provided assistance to a small number of organisations in Australia during the incident; and provided general advice to Australian organisations.

Protecting your organisation

It is important that you and your organisation revisit your cyber security and make sure you are protected against threats like NotPetya.

You can implement strategies to improve your cyber resilience, starting with the Essential Eight advice by the Australian Signals Directorate. The Essential Eight is a list of practical steps to make your organisation's computers and networks more secure.