The article analyzes the spread of NotPetya malware, discussing its purpose, origins, and impact. NotPetya is a ransomware attack that occurred in 2017 and affected multiple countries. It infiltrated users’ computers and encrypted their data. However, due to the design of the attack, it remains unclear whether the attackers could restore the key even after receiving payment, suggesting that the primary goal of the malware was merely to delete data. NotPetya penetrated a Ukrainian tax company to gain access to their credentials and full system access. Using these credentials, it spread the malware to other users’ computers. After accessing the data on the computer, NotPetya encrypts it using the AES algorithm, gains access to the user’s credentials, and utilizes them to connect to the network, spreading to other computers. To prevent such attacks in the future, the author suggests restricting system access for non-admin users and canceling remote system control.
