Skip to main content

Home NotPetya


(also NotPetya ransomware)

NotPetya definition

NotPetya, sometimes referred to as Petya, is a destructive cyberattack that masquerades as ransomware. It was designed primarily to cause damage and disruption rather than for financial gain. NotPetya initially appears to be ransomware, encrypting files and demanding a ransom payment from the victim to unlock them. However, unlike typical ransomware, NotPetya permanently damages the master boot record, making it impossible to recover the files, even after the ransom payment.

See also: cryptolocker ransomware, spear phishing, anti-phishing service

NotPetya examples

  • Ukraine attack: In 2017, NotPetya attacked numerous Ukrainian businesses and infrastructure, causing extensive damage and disruption.
  • Global spread: After initially attacking Ukraine, NotPetya spread globally, affecting multinational companies and causing billions of dollars in damage.

Implications and risks of NotPetya


  • Efficient spread: NotPetya uses various mechanisms to propagate within networks, making it extremely effective at causing widespread damage.


  • Irrecoverable damage: NotPetya permanently damages files, making a recovery impossible even after a ransom payment.
  • Lack of financial gain: Despite appearing as ransomware, NotPetya does not provide a decryption key after ransom payment, rendering the payment pointless.

Prevention against NotPetya

  • Regular backups: Ensure your important data is regularly backed up to offline or cloud-based storage.
  • Software updates: Keep your operating system and applications up to date to protect against known vulnerabilities.
  • Strong security practices: Employ robust antivirus solutions, firewalls, and network segmentation.