Skip to content
Longterm Wiki

NotPetya (2017)

Wiki article →Data →

NotPetya was a destructive malware attack disguised as ransomware, deployed June 27, 2017 via a compromised update to M.E.Doc, a Ukrainian tax accounting software. Although it targeted Ukraine, it propagated globally via SMB and credential-theft mechanisms, causing the most destructive cyberattack in history by total economic damage. The U.S., UK, Australia, and Canada attributed the attack to GRU's Unit 74455 (Sandworm). It is the canonical reference point for catastrophic single-event cyber damage and the basis for the Merck v. Ace insurance war-exclusion litigation.

Details

Date

June 27, 2017

Attribution

GRU (Russian military intelligence) Unit 74455 / Sandworm

AI involvement

none

Initial vector

M.E.Doc Ukrainian tax software supply-chain compromise

Estimated total damages

~$10B globally (low ~$8B, high ~$15B)

Notable victims

Maersk, Merck, FedEx/TNT, Mondelēz, Saint-Gobain, Reckitt Benckiser

Related Wiki Pages

Top Related Pages

Event

SolarWinds (2020)

Risk

Cyberweapons Risk

AI-enabled cyberweapons represent a rapidly escalating threat, with AI-powered attacks surging 72% year-over-year in 2025.

Risk

AI Flash Dynamics

AI systems interacting faster than human oversight can operate, creating cascading failures and systemic risks across financial markets, infrastruc...

Event

Colonial Pipeline (2021)

Event

Change Healthcare (2024)

Tags

cyber-incidentdestructive-malwaresupply-chainrussiaukrainecritical-infrastructure