Wiper

NotPetya

aka ExPetr · Petya.A · Nyetya · GoldenEye

A destructive wiper disguised as ransomware that spread from a Ukrainian software update in 2017, causing an estimated $10 billion in global damage.

NotPetya looked like ransomware but was a wiper. Launched on 27 June 2017, it presented a Petya-style ransom note, yet its encryption was designed to be unrecoverable — the installation key was random and discarded. The goal was destruction, not money.

A supply-chain detonation

The initial vector was a poisoned update to M.E.Doc, Ukrainian accounting software, seeding NotPetya inside Ukrainian organisations. From there it spread violently using EternalBlue plus credential theft (Mimikatz) and PsExec/WMI, tearing through flat corporate networks worldwide.

Collateral damage

Though aimed at Ukraine, it crippled multinationals — Maersk, Merck, FedEx's TNT, Mondelēz — for an estimated $10 billion in damage, the costliest cyberattack in history. The US and UK attributed it to Russia's Sandworm. See the campaign on Cyber Breaches and the Sandworm actor profile.

Defense

Keep offline backups, segment networks, apply the MS17-010 patch, and maintain credential hygiene to blunt lateral movement.
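
The SMB-driven spread through flat networks described above shows up in flow data as one host suddenly connecting to many peers on TCP 445. The following is an added example, not part of the original page, that flags that fan-out; the flow records are constructed, and the function names, window, threshold and IP addresses are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445  # SMB over TCP, the service addressed by MS17-010


def build_sample_flows():
    """Constructed flow records: (timestamp, src_ip, dst_ip, dst_port)."""
    t0 = datetime(2017, 6, 27, 10, 30, 0)
    flows = []
    # Workstation reaching 12 different peers on 445 in 24 seconds (worm-like).
    for i in range(12):
        flows.append((t0 + timedelta(seconds=2 * i), "10.0.5.23", f"10.0.5.{100 + i}", SMB_PORT))
    # Ordinary client: the same two file servers, spread over an hour.
    for i in range(12):
        flows.append((t0 + timedelta(minutes=5 * i), "10.0.5.40", f"10.0.9.{1 + i % 2}", SMB_PORT))
    # Busy host on HTTPS only: many peers, but not SMB, so it is ignored.
    for i in range(20):
        flows.append((t0 + timedelta(seconds=i), "10.0.5.60", f"192.0.2.{i + 1}", 443))
    return flows


def smb_fanout_alerts(flows, window=timedelta(seconds=60), threshold=10):
    """Return {src_ip: time it first reached `threshold` distinct SMB peers within `window`}."""
    recent = defaultdict(deque)  # src_ip -> (timestamp, dst_ip) pairs still inside the window
    alerts = {}
    for ts, src, dst, port in sorted(flows):
        if port != SMB_PORT or src in alerts:
            continue
        seen = recent[src]
        seen.append((ts, dst))
        while ts - seen[0][0] > window:  # drop connections older than the window
            seen.popleft()
        if len({peer for _, peer in seen}) >= threshold:
            alerts[src] = ts
    return alerts


if __name__ == "__main__":
    for src, when in smb_fanout_alerts(build_sample_flows()).items():
        print(f"{when.isoformat()} {src} reached 10+ distinct SMB peers within 60s")
```

In a segmented network most workstation-to-workstation SMB is blocked outright, so the threshold can be set far lower than in a flat one.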