
NotPetya
News, Updates & Analysis

File Encryption, MFT Encryption & Credential Theft

On June 27, 2017 at approximately 10:30 UTC, a new ransomware family began propagating across multiple countries. The family, referred to as NotPetya, is noteworthy because it combines traditional ransomware behavior with stealthy propagation techniques and a destructive attack element. CrowdStrike Falcon® Endpoint Protection customers are protected against all currently identified variants of the threat.

In addition to encrypting files on infected systems, NotPetya moves laterally to encrypt other systems in the organization by leveraging the same EternalBlue vulnerability that was popularized by WannaCry last month. It then uses another propagation technique that starts by stealing credentials, then uses those legitimate credentials to infect other systems on the network via built-in Microsoft tools (WMI and PSEXEC). Finally, NotPetya employs a destructive technique that prevents infected systems from booting by encrypting the master boot record (MBR).

Attacks have been reported in countries including Ukraine, Russia, Poland, France, Germany, Spain, the United Kingdom, the Netherlands, India, Israel, Australia and the United States. Sectors impacted by this attack include government, energy, finance, defense, telecom, media, maritime, aviation, and transportation.

Prevent, detect, and respond to all attack types including NotPetya in real time with CrowdStrike Falcon.


For continued coverage of the NotPetya attack, please read our coverage below.

This page is your source for all the latest news and expert analysis concerning recent NotPetya attacks related to data breaches, malware and ransomware facing businesses worldwide. Here, you’ll be able to stay up to date on all of the news, updates, analysis, potential concerns and potential steps you can take to protect your business from them.

Decrypting NotPetya/Petya: Tools for Recovering Your MFT After an Attack

BLOG

NotPetya Technical Analysis – A Triple Threat: File Encryption, MFT Encryption, Credential Theft

BLOG

NotPetya Technical Analysis Part II: Further Findings and Potential for MBR Recovery

BLOG

How CrowdStrike Falcon Prevents Infection and spread of the Destructive NotPetya Attack

VIDEO

NOTPETYA POSTMORTEM: RANSOMWARE, RUSE OR TARGETED TAKEDOWN?

CROWDCAST

CrowdStrike Protects Against NotPetya Attack

BLOG
