NotPetya, the Most Devastating Cyberattack in History

labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

#1 Post by labbe5 »

https://www.wired.com/story/notpetya-cy ... the-world/

Up three flights of stairs in that building is a server room, where a rack of pizza-box-sized computers is connected by a tangle of wires and marked with handwritten, numbered labels. On a normal day, these servers push out routine updates—bug fixes, security patches, new features—to a piece of accounting software called M.E.Doc, which is more or less Ukraine’s equivalent of TurboTax or Quicken. It’s used by nearly anyone who files taxes or does business in the country.

But for a moment in 2017, those machines served as ground zero for the most devastating cyberattack since the invention of the internet—an attack that began, at least, as an assault on one nation by another.


Further reading:
Shareholders allege FedEx covered up damages caused by NotPetya attack
https://www.cyberscoop.com/fedex-shareh ... -notpetya/
Cyber Security Threats to the Financial Sector across Credit Unions, Banks & More
https://sritutorials.com/cyber-security ... anks-more/
Last edited by labbe5 on Thu 26 Sep 2019, 20:15, edited 2 times in total.

rufwoof
Posts: 3690
Joined: Mon 24 Feb 2014, 17:47

#2 Post by rufwoof »

Yet so relatively simple - An NSA-developed crack (Eternal Blue) wrapped in a worm that grabbed userids/passwords out of memory space of unpatched systems (using Mimikatz) and propagated whilst destroying MBRs. Sourced from a single computer infection that opened up access to primary update servers that so happened (by design or otherwise) to serve one of the world’s most complex and interconnected distributed machines.
But no one could find a backup for one crucial layer of the company’s network: its domain controllers, the servers that function as a detailed map of Maersk’s network
...
150 or so domain controllers were programmed to sync their data with one another, so that, in theory, any of them could function as a backup for all the others. But that decentralized backup strategy hadn’t accounted for one scenario: where every domain controller is wiped simultaneously.