CINXE.COM
Petya (malware family) - Wikipedia
<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-sticky-header-enabled vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Petya (malware family) - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-sticky-header-enabled vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy", "wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"5a3b2252-fb20-42ee-9436-e2ea508443e9","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Petya_(malware_family)","wgTitle":"Petya (malware family)","wgCurRevisionId":1277547373,"wgRevisionId":1277547373,"wgArticleId":54406327,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["CS1 German-language sources (de)","CS1 Ukrainian-language sources (uk)","CS1 Estonian-language sources (et)","Articles with short description","Short description matches Wikidata","Use dmy dates from January 2020","2017 in computing","2017 in Ukraine","Cyberattacks","Cybercrime","Cybercrime in India","Hacking in the 2010s","June 2017 crimes","Ransomware","India–Russia relations"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel": "wikitext","wgRelevantPageName":"Petya_(malware_family)","wgRelevantArticleId":54406327,"wgIsProbablyEditable":true,"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgRedirectedFrom":"Petya_and_NotPetya","wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true},"wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":50000,"wgInternalRedirectTargetUrl":"/wiki/Petya_(malware_family)","wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q23670513", "wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","jquery.makeCollapsible.styles":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["mediawiki.action.view.redirect","ext.cite.ux-enhancements","mediawiki.page.media","ext.scribunto.logs","site","mediawiki.page.ready", "jquery.makeCollapsible","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.bootstrap","ext.popups","ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints","ext.growthExperiments.SuggestedEditSession"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cjquery.makeCollapsible.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022"> <script async="" src="/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" href="/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.17"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta property="og:image" content="https://upload.wikimedia.org/wikipedia/commons/6/65/2017_Petya_cyberattack_screenshot.png"> <meta property="og:image:width" content="1200"> <meta property="og:image:height" content="667"> <meta property="og:image" content="https://upload.wikimedia.org/wikipedia/commons/6/65/2017_Petya_cyberattack_screenshot.png"> <meta property="og:image:width" content="800"> <meta property="og:image:height" content="444"> <meta property="og:image" content="https://upload.wikimedia.org/wikipedia/commons/thumb/6/65/2017_Petya_cyberattack_screenshot.png/640px-2017_Petya_cyberattack_screenshot.png"> <meta property="og:image:width" content="640"> <meta property="og:image:height" content="356"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Petya (malware family) - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Petya_(malware_family)"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Petya_(malware_family)&action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Petya_(malware_family)"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Petya_malware_family rootpage-Petya_malware_family skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header class="vector-header mw-header"> <div class="vector-header-start"> <nav class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-dropdown" class="vector-dropdown vector-main-menu-dropdown vector-button-flush-left vector-button-flush-right" title="Main menu" > <input type="checkbox" id="vector-main-menu-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-main-menu-dropdown" class="vector-dropdown-checkbox " aria-label="Main menu" > <label id="vector-main-menu-dropdown-label" for="vector-main-menu-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-menu mw-ui-icon-wikimedia-menu"></span> <span class="vector-dropdown-label-text">Main menu</span> </label> <div class="vector-dropdown-content"> <div id="vector-main-menu-unpinned-container" class="vector-unpinned-container"> <div id="vector-main-menu" class="vector-main-menu vector-pinnable-element"> <div class="vector-pinnable-header vector-main-menu-pinnable-header vector-pinnable-header-unpinned" data-feature-name="main-menu-pinned" data-pinnable-element-id="vector-main-menu" data-pinned-container-id="vector-main-menu-pinned-container" data-unpinned-container-id="vector-main-menu-unpinned-container" > <div class="vector-pinnable-header-label">Main menu</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-main-menu.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-main-menu.unpin">hide</button> </div> <div id="p-navigation" class="vector-menu mw-portlet mw-portlet-navigation" > <div class="vector-menu-heading"> Navigation </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-mainpage-description" class="mw-list-item"><a href="/wiki/Main_Page" title="Visit the main page [z]" accesskey="z"><span>Main page</span></a></li><li id="n-contents" class="mw-list-item"><a href="/wiki/Wikipedia:Contents" title="Guides to browsing Wikipedia"><span>Contents</span></a></li><li id="n-currentevents" class="mw-list-item"><a href="/wiki/Portal:Current_events" title="Articles related to current events"><span>Current events</span></a></li><li id="n-randompage" class="mw-list-item"><a href="/wiki/Special:Random" title="Visit a randomly selected article [x]" accesskey="x"><span>Random article</span></a></li><li id="n-aboutsite" class="mw-list-item"><a href="/wiki/Wikipedia:About" title="Learn about Wikipedia and how it works"><span>About Wikipedia</span></a></li><li id="n-contactpage" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us" title="How to contact Wikipedia"><span>Contact us</span></a></li> </ul> </div> </div> <div id="p-interaction" class="vector-menu mw-portlet mw-portlet-interaction" > <div class="vector-menu-heading"> Contribute </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-help" class="mw-list-item"><a href="/wiki/Help:Contents" title="Guidance on how to use and edit Wikipedia"><span>Help</span></a></li><li id="n-introduction" class="mw-list-item"><a href="/wiki/Help:Introduction" title="Learn how to edit Wikipedia"><span>Learn to edit</span></a></li><li id="n-portal" class="mw-list-item"><a href="/wiki/Wikipedia:Community_portal" title="The hub for editors"><span>Community portal</span></a></li><li id="n-recentchanges" class="mw-list-item"><a href="/wiki/Special:RecentChanges" title="A list of recent changes to Wikipedia [r]" accesskey="r"><span>Recent changes</span></a></li><li id="n-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_upload_wizard" title="Add images or other media for use on Wikipedia"><span>Upload file</span></a></li><li id="n-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages"><span>Special pages</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> <a href="/wiki/Main_Page" class="mw-logo"> <img class="mw-logo-icon" src="/static/images/icons/wikipedia.png" alt="" aria-hidden="true" height="50" width="50"> <span class="mw-logo-container skin-invert"> <img class="mw-logo-wordmark" alt="Wikipedia" src="/static/images/mobile/copyright/wikipedia-wordmark-en.svg" style="width: 7.5em; height: 1.125em;"> <img class="mw-logo-tagline" alt="The Free Encyclopedia" src="/static/images/mobile/copyright/wikipedia-tagline-en.svg" width="117" height="13" style="width: 7.3125em; height: 0.8125em;"> </span> </a> </div> <div class="vector-header-end"> <div id="p-search" role="search" class="vector-search-box-vue vector-search-box-collapses vector-search-box-show-thumbnail vector-search-box-auto-expand-width vector-search-box"> <a href="/wiki/Special:Search" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only search-toggle" title="Search Wikipedia [f]" accesskey="f"><span class="vector-icon mw-ui-icon-search mw-ui-icon-wikimedia-search"></span> <span>Search</span> </a> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail cdx-typeahead-search--auto-expand-width"> <form action="/w/index.php" id="searchform" class="cdx-search-input cdx-search-input--has-end-button"> <div id="simpleSearch" class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia" aria-label="Search Wikipedia" autocapitalize="sentences" title="Search Wikipedia [f]" accesskey="f" id="searchInput" > <span class="cdx-text-input__icon cdx-text-input__start-icon"></span> </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <nav class="vector-user-links vector-user-links-wide" aria-label="Personal tools"> <div class="vector-user-links-main"> <div id="p-vector-user-menu-preferences" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-userpage" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-dropdown" class="vector-dropdown " title="Change the appearance of the page's font size, width, and color" > <input type="checkbox" id="vector-appearance-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-appearance-dropdown" class="vector-dropdown-checkbox " aria-label="Appearance" > <label id="vector-appearance-dropdown-label" for="vector-appearance-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-appearance mw-ui-icon-wikimedia-appearance"></span> <span class="vector-dropdown-label-text">Appearance</span> </label> <div class="vector-dropdown-content"> <div id="vector-appearance-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div id="p-vector-user-menu-notifications" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-overflow" class="vector-menu mw-portlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="https://donate.wikimedia.org/?wmf_source=donate&wmf_medium=sidebar&wmf_campaign=en.wikipedia.org&uselang=en" class=""><span>Donate</span></a> </li> <li id="pt-createaccount-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:CreateAccount&returnto=Petya+%28malware+family%29" title="You are encouraged to create an account and log in; however, it is not mandatory" class=""><span>Create account</span></a> </li> <li id="pt-login-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:UserLogin&returnto=Petya+%28malware+family%29" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o" class=""><span>Log in</span></a> </li> </ul> </div> </div> </div> <div id="vector-user-links-dropdown" class="vector-dropdown vector-user-menu vector-button-flush-right vector-user-menu-logged-out" title="Log in and more options" > <input type="checkbox" id="vector-user-links-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-user-links-dropdown" class="vector-dropdown-checkbox " aria-label="Personal tools" > <label id="vector-user-links-dropdown-label" for="vector-user-links-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-ellipsis mw-ui-icon-wikimedia-ellipsis"></span> <span class="vector-dropdown-label-text">Personal tools</span> </label> <div class="vector-dropdown-content"> <div id="p-personal" class="vector-menu mw-portlet mw-portlet-personal user-links-collapsible-item" title="User menu" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport" class="user-links-collapsible-item mw-list-item"><a href="https://donate.wikimedia.org/?wmf_source=donate&wmf_medium=sidebar&wmf_campaign=en.wikipedia.org&uselang=en"><span>Donate</span></a></li><li id="pt-createaccount" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:CreateAccount&returnto=Petya+%28malware+family%29" title="You are encouraged to create an account and log in; however, it is not mandatory"><span class="vector-icon mw-ui-icon-userAdd mw-ui-icon-wikimedia-userAdd"></span> <span>Create account</span></a></li><li id="pt-login" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:UserLogin&returnto=Petya+%28malware+family%29" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o"><span class="vector-icon mw-ui-icon-logIn mw-ui-icon-wikimedia-logIn"></span> <span>Log in</span></a></li> </ul> </div> </div> <div id="p-user-menu-anon-editor" class="vector-menu mw-portlet mw-portlet-user-menu-anon-editor" > <div class="vector-menu-heading"> Pages for logged out editors <a href="/wiki/Help:Introduction" aria-label="Learn more about editing"><span>learn more</span></a> </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-anoncontribs" class="mw-list-item"><a href="/wiki/Special:MyContributions" title="A list of edits made from this IP address [y]" accesskey="y"><span>Contributions</span></a></li><li id="pt-anontalk" class="mw-list-item"><a href="/wiki/Special:MyTalk" title="Discussion about edits from this IP address [n]" accesskey="n"><span>Talk</span></a></li> </ul> </div> </div> </div> </div> </nav> </div> </header> </div> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="vector-sitenotice-container"> <div id="siteNotice"><!-- CentralNotice --></div> </div> <div class="vector-column-start"> <div class="vector-main-menu-container"> <div id="mw-navigation"> <nav id="mw-panel" class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-pinned-container" class="vector-pinned-container"> </div> </nav> </div> </div> <div class="vector-sticky-pinned-container"> <nav id="mw-panel-toc" aria-label="Contents" data-event-name="ui.sidebar-toc" class="mw-table-of-contents-container vector-toc-landmark"> <div id="vector-toc-pinned-container" class="vector-pinned-container"> <div id="vector-toc" class="vector-toc vector-pinnable-element"> <div class="vector-pinnable-header vector-toc-pinnable-header vector-pinnable-header-pinned" data-feature-name="toc-pinned" data-pinnable-element-id="vector-toc" > <h2 class="vector-pinnable-header-label">Contents</h2> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-toc.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-toc.unpin">hide</button> </div> <ul class="vector-toc-contents" id="mw-panel-toc-list"> <li id="toc-mw-content-text" class="vector-toc-list-item vector-toc-level-1"> <a href="#" class="vector-toc-link"> <div class="vector-toc-text">(Top)</div> </a> </li> <li id="toc-History" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#History"> <div class="vector-toc-text"> <span class="vector-toc-numb">1</span> <span>History</span> </div> </a> <ul id="toc-History-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-2017_cyberattack" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#2017_cyberattack"> <div class="vector-toc-text"> <span class="vector-toc-numb">2</span> <span>2017 cyberattack</span> </div> </a> <ul id="toc-2017_cyberattack-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Operation" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Operation"> <div class="vector-toc-text"> <span class="vector-toc-numb">3</span> <span>Operation</span> </div> </a> <ul id="toc-Operation-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Mitigation" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Mitigation"> <div class="vector-toc-text"> <span class="vector-toc-numb">4</span> <span>Mitigation</span> </div> </a> <ul id="toc-Mitigation-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Impact" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Impact"> <div class="vector-toc-text"> <span class="vector-toc-numb">5</span> <span>Impact</span> </div> </a> <ul id="toc-Impact-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Reaction" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Reaction"> <div class="vector-toc-text"> <span class="vector-toc-numb">6</span> <span>Reaction</span> </div> </a> <ul id="toc-Reaction-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Other_notable_low-level_malware" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Other_notable_low-level_malware"> <div class="vector-toc-text"> <span class="vector-toc-numb">7</span> <span>Other notable low-level malware</span> </div> </a> <ul id="toc-Other_notable_low-level_malware-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-See_also" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#See_also"> <div class="vector-toc-text"> <span class="vector-toc-numb">8</span> <span>See also</span> </div> </a> <ul id="toc-See_also-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-References" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#References"> <div class="vector-toc-text"> <span class="vector-toc-numb">9</span> <span>References</span> </div> </a> <ul id="toc-References-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Further_reading" class="vector-toc-list-item vector-toc-level-1 vector-toc-list-item-expanded"> <a class="vector-toc-link" href="#Further_reading"> <div class="vector-toc-text"> <span class="vector-toc-numb">10</span> <span>Further reading</span> </div> </a> <ul id="toc-Further_reading-sublist" class="vector-toc-list"> </ul> </li> </ul> </div> </div> </nav> </div> </div> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-page-titlebar-toc" class="vector-dropdown vector-page-titlebar-toc vector-button-flush-left" title="Table of Contents" > <input type="checkbox" id="vector-page-titlebar-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-titlebar-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-page-titlebar-toc-label" for="vector-page-titlebar-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-listBullet mw-ui-icon-wikimedia-listBullet"></span> <span class="vector-dropdown-label-text">Toggle the table of contents</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-titlebar-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <h1 id="firstHeading" class="firstHeading mw-first-heading"><span class="mw-page-title-main">Petya (malware family)</span></h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. Available in 26 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-26" aria-hidden="true" ><span class="vector-icon mw-ui-icon-language-progressive mw-ui-icon-wikimedia-language-progressive"></span> <span class="vector-dropdown-label-text">26 languages</span> </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-ca mw-list-item"><a href="https://ca.wikipedia.org/wiki/Petya" title="Petya – Catalan" lang="ca" hreflang="ca" data-title="Petya" data-language-autonym="Català" data-language-local-name="Catalan" class="interlanguage-link-target"><span>Català</span></a></li><li class="interlanguage-link interwiki-cs mw-list-item"><a href="https://cs.wikipedia.org/wiki/Petya_(malware)" title="Petya (malware) – Czech" lang="cs" hreflang="cs" data-title="Petya (malware)" data-language-autonym="Čeština" data-language-local-name="Czech" class="interlanguage-link-target"><span>Čeština</span></a></li><li class="interlanguage-link interwiki-de mw-list-item"><a href="https://de.wikipedia.org/wiki/Petya" title="Petya – German" lang="de" hreflang="de" data-title="Petya" data-language-autonym="Deutsch" data-language-local-name="German" class="interlanguage-link-target"><span>Deutsch</span></a></li><li class="interlanguage-link interwiki-et mw-list-item"><a href="https://et.wikipedia.org/wiki/Petya" title="Petya – Estonian" lang="et" hreflang="et" data-title="Petya" data-language-autonym="Eesti" data-language-local-name="Estonian" class="interlanguage-link-target"><span>Eesti</span></a></li><li class="interlanguage-link interwiki-es mw-list-item"><a href="https://es.wikipedia.org/wiki/Petya_(malware)" title="Petya (malware) – Spanish" lang="es" hreflang="es" data-title="Petya (malware)" data-language-autonym="Español" data-language-local-name="Spanish" class="interlanguage-link-target"><span>Español</span></a></li><li class="interlanguage-link interwiki-fa mw-list-item"><a href="https://fa.wikipedia.org/wiki/%D9%BE%D8%AA%DB%8C%D8%A7" title="پتیا – Persian" lang="fa" hreflang="fa" data-title="پتیا" data-language-autonym="فارسی" data-language-local-name="Persian" class="interlanguage-link-target"><span>فارسی</span></a></li><li class="interlanguage-link interwiki-fr mw-list-item"><a href="https://fr.wikipedia.org/wiki/Petya" title="Petya – French" lang="fr" hreflang="fr" data-title="Petya" data-language-autonym="Français" data-language-local-name="French" class="interlanguage-link-target"><span>Français</span></a></li><li class="interlanguage-link interwiki-ko mw-list-item"><a href="https://ko.wikipedia.org/wiki/%ED%8E%98%ED%8A%B8%EC%95%BC" title="페트야 – Korean" lang="ko" hreflang="ko" data-title="페트야" data-language-autonym="한국어" data-language-local-name="Korean" class="interlanguage-link-target"><span>한국어</span></a></li><li class="interlanguage-link interwiki-id mw-list-item"><a href="https://id.wikipedia.org/wiki/Petya_(perangkat_pemeras)" title="Petya (perangkat pemeras) – Indonesian" lang="id" hreflang="id" data-title="Petya (perangkat pemeras)" data-language-autonym="Bahasa Indonesia" data-language-local-name="Indonesian" class="interlanguage-link-target"><span>Bahasa Indonesia</span></a></li><li class="interlanguage-link interwiki-it mw-list-item"><a href="https://it.wikipedia.org/wiki/Petya" title="Petya – Italian" lang="it" hreflang="it" data-title="Petya" data-language-autonym="Italiano" data-language-local-name="Italian" class="interlanguage-link-target"><span>Italiano</span></a></li><li class="interlanguage-link interwiki-ka mw-list-item"><a href="https://ka.wikipedia.org/wiki/Petya" title="Petya – Georgian" lang="ka" hreflang="ka" data-title="Petya" data-language-autonym="ქართული" data-language-local-name="Georgian" class="interlanguage-link-target"><span>ქართული</span></a></li><li class="interlanguage-link interwiki-lt mw-list-item"><a href="https://lt.wikipedia.org/wiki/Petya" title="Petya – Lithuanian" lang="lt" hreflang="lt" data-title="Petya" data-language-autonym="Lietuvių" data-language-local-name="Lithuanian" class="interlanguage-link-target"><span>Lietuvių</span></a></li><li class="interlanguage-link interwiki-lmo mw-list-item"><a href="https://lmo.wikipedia.org/wiki/Petya" title="Petya – Lombard" lang="lmo" hreflang="lmo" data-title="Petya" data-language-autonym="Lombard" data-language-local-name="Lombard" class="interlanguage-link-target"><span>Lombard</span></a></li><li class="interlanguage-link interwiki-hu mw-list-item"><a href="https://hu.wikipedia.org/wiki/Petya_(zsarol%C3%B3v%C3%ADrus)" title="Petya (zsarolóvírus) – Hungarian" lang="hu" hreflang="hu" data-title="Petya (zsarolóvírus)" data-language-autonym="Magyar" data-language-local-name="Hungarian" class="interlanguage-link-target"><span>Magyar</span></a></li><li class="interlanguage-link interwiki-ms mw-list-item"><a href="https://ms.wikipedia.org/wiki/Petya_(perisian_perosak)" title="Petya (perisian perosak) – Malay" lang="ms" hreflang="ms" data-title="Petya (perisian perosak)" data-language-autonym="Bahasa Melayu" data-language-local-name="Malay" class="interlanguage-link-target"><span>Bahasa Melayu</span></a></li><li class="interlanguage-link interwiki-nl mw-list-item"><a href="https://nl.wikipedia.org/wiki/Petya" title="Petya – Dutch" lang="nl" hreflang="nl" data-title="Petya" data-language-autonym="Nederlands" data-language-local-name="Dutch" class="interlanguage-link-target"><span>Nederlands</span></a></li><li class="interlanguage-link interwiki-ja mw-list-item"><a href="https://ja.wikipedia.org/wiki/Petya" title="Petya – Japanese" lang="ja" hreflang="ja" data-title="Petya" data-language-autonym="日本語" data-language-local-name="Japanese" class="interlanguage-link-target"><span>日本語</span></a></li><li class="interlanguage-link interwiki-pl mw-list-item"><a href="https://pl.wikipedia.org/wiki/Atak_NotPetya" title="Atak NotPetya – Polish" lang="pl" hreflang="pl" data-title="Atak NotPetya" data-language-autonym="Polski" data-language-local-name="Polish" class="interlanguage-link-target"><span>Polski</span></a></li><li class="interlanguage-link interwiki-pt mw-list-item"><a href="https://pt.wikipedia.org/wiki/Petya_(fam%C3%ADlia_de_malware)" title="Petya (família de malware) – Portuguese" lang="pt" hreflang="pt" data-title="Petya (família de malware)" data-language-autonym="Português" data-language-local-name="Portuguese" class="interlanguage-link-target"><span>Português</span></a></li><li class="interlanguage-link interwiki-ru mw-list-item"><a href="https://ru.wikipedia.org/wiki/Petya" title="Petya – Russian" lang="ru" hreflang="ru" data-title="Petya" data-language-autonym="Русский" data-language-local-name="Russian" class="interlanguage-link-target"><span>Русский</span></a></li><li class="interlanguage-link interwiki-sl mw-list-item"><a href="https://sl.wikipedia.org/wiki/Petya" title="Petya – Slovenian" lang="sl" hreflang="sl" data-title="Petya" data-language-autonym="Slovenščina" data-language-local-name="Slovenian" class="interlanguage-link-target"><span>Slovenščina</span></a></li><li class="interlanguage-link interwiki-ta mw-list-item"><a href="https://ta.wikipedia.org/wiki/%E0%AE%AA%E0%AF%86%E0%AE%9F%E0%AF%8D%E0%AE%AF%E0%AE%BE_(%E0%AE%A4%E0%AF%80%E0%AE%A8%E0%AE%BF%E0%AE%B0%E0%AE%B2%E0%AF%8D)" title="பெட்யா (தீநிரல்) – Tamil" lang="ta" hreflang="ta" data-title="பெட்யா (தீநிரல்)" data-language-autonym="தமிழ்" data-language-local-name="Tamil" class="interlanguage-link-target"><span>தமிழ்</span></a></li><li class="interlanguage-link interwiki-uk mw-list-item"><a href="https://uk.wikipedia.org/wiki/Petya" title="Petya – Ukrainian" lang="uk" hreflang="uk" data-title="Petya" data-language-autonym="Українська" data-language-local-name="Ukrainian" class="interlanguage-link-target"><span>Українська</span></a></li><li class="interlanguage-link interwiki-vi mw-list-item"><a href="https://vi.wikipedia.org/wiki/Petya_(malware)" title="Petya (malware) – Vietnamese" lang="vi" hreflang="vi" data-title="Petya (malware)" data-language-autonym="Tiếng Việt" data-language-local-name="Vietnamese" class="interlanguage-link-target"><span>Tiếng Việt</span></a></li><li class="interlanguage-link interwiki-zh-yue mw-list-item"><a href="https://zh-yue.wikipedia.org/wiki/Petya" title="Petya – Cantonese" lang="yue" hreflang="yue" data-title="Petya" data-language-autonym="粵語" data-language-local-name="Cantonese" class="interlanguage-link-target"><span>粵語</span></a></li><li class="interlanguage-link interwiki-zh mw-list-item"><a href="https://zh.wikipedia.org/wiki/Petya" title="Petya – Chinese" lang="zh" hreflang="zh" data-title="Petya" data-language-autonym="中文" data-language-local-name="Chinese" class="interlanguage-link-target"><span>中文</span></a></li> </ul> <div class="after-portlet after-portlet-lang"><span class="wb-langlinks-edit wb-langlinks-link"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q23670513#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></span></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Petya_(malware_family)" title="View the content page [c]" accesskey="c"><span>Article</span></a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:Petya_(malware_family)" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t"><span>Talk</span></a></li> </ul> </div> </div> <div id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">English</span> </label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Petya_(malware_family)"><span>Read</span></a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Petya_(malware_family)&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Petya_(malware_family)&action=history" title="Past revisions of this page [h]" accesskey="h"><span>View history</span></a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" ><span class="vector-dropdown-label-text">Tools</span> </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Petya_(malware_family)"><span>Read</span></a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Petya_(malware_family)&action=edit" title="Edit this page [e]" accesskey="e"><span>Edit</span></a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Petya_(malware_family)&action=history"><span>View history</span></a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Petya_(malware_family)" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j"><span>What links here</span></a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Petya_(malware_family)" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k"><span>Related changes</span></a></li><li id="t-upload" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u"><span>Upload file</span></a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Petya_(malware_family)&oldid=1277547373" title="Permanent link to this revision of this page"><span>Permanent link</span></a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Petya_(malware_family)&action=info" title="More information about this page"><span>Page information</span></a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Petya_%28malware_family%29&id=1277547373&wpFormIdentifier=titleform" title="Information on how to cite this page"><span>Cite this page</span></a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FPetya_%28malware_family%29"><span>Get shortened URL</span></a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FPetya_%28malware_family%29"><span>Download QR code</span></a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=Petya_%28malware_family%29&action=show-download-screen" title="Download this page as a PDF file"><span>Download as PDF</span></a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Petya_(malware_family)&printable=yes" title="Printable version of this page [p]" accesskey="p"><span>Printable version</span></a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q23670513" title="Structured data on this page hosted by Wikidata [g]" accesskey="g"><span>Wikidata item</span></a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"><span class="mw-redirectedfrom">(Redirected from <a href="/w/index.php?title=Petya_and_NotPetya&redirect=no" class="mw-redirect" title="Petya and NotPetya">Petya and NotPetya</a>)</span></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Family of encrypting ransomware discovered in 2016</div> <p class="mw-empty-elt"> </p> <style data-mw-deduplicate="TemplateStyles:r1257001546">.mw-parser-output .infobox-subbox{padding:0;border:none;margin:-3px;width:auto;min-width:100%;font-size:100%;clear:none;float:none;background-color:transparent}.mw-parser-output .infobox-3cols-child{margin:auto}.mw-parser-output .infobox .navbar{font-size:100%}@media screen{html.skin-theme-clientpref-night .mw-parser-output .infobox-full-data:not(.notheme)>div:not(.notheme)[style]{background:#1f1f23!important;color:#f8f9fa}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .infobox-full-data:not(.notheme) div:not(.notheme){background:#1f1f23!important;color:#f8f9fa}}@media(min-width:640px){body.skin--responsive .mw-parser-output .infobox-table{display:table!important}body.skin--responsive .mw-parser-output .infobox-table>caption{display:table-caption!important}body.skin--responsive .mw-parser-output .infobox-table>tbody{display:table-row-group}body.skin--responsive .mw-parser-output .infobox-table tr{display:table-row!important}body.skin--responsive .mw-parser-output .infobox-table th,body.skin--responsive .mw-parser-output .infobox-table td{padding-left:inherit;padding-right:inherit}}</style><table class="infobox"><tbody><tr><th colspan="2" class="infobox-above" style="background-color:#FFADAD;text-align:center;vertical-align:middle;font-size:110%;">Petya</th></tr><tr><td colspan="2" class="infobox-full-data"><span class="mw-default-size" typeof="mw:File/Frameless"><a href="/wiki/File:2017_Petya_cyberattack_screenshot.png" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/6/65/2017_Petya_cyberattack_screenshot.png/240px-2017_Petya_cyberattack_screenshot.png" decoding="async" width="240" height="133" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/6/65/2017_Petya_cyberattack_screenshot.png/360px-2017_Petya_cyberattack_screenshot.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/6/65/2017_Petya_cyberattack_screenshot.png/480px-2017_Petya_cyberattack_screenshot.png 2x" data-file-width="720" data-file-height="400" /></a></span></td></tr><tr><td colspan="2" class="infobox-full-data"><a href="/wiki/ASCII_art" title="ASCII art">ASCII art</a> of a <a href="/wiki/Skull_and_crossbones_(symbol)" class="mw-redirect" title="Skull and crossbones (symbol)">skull and crossbones</a> is displayed as part of the payload on the original version of Petya.<sup id="cite_ref-cp-petya_1-0" class="reference"><a href="#cite_note-cp-petya-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup></td></tr><tr><td colspan="2" class="infobox-full-data"><div style="background-color:#ffdcd7; height:2px; margin: 0 -1px ;"></div></td></tr><tr><th scope="row" class="infobox-label">Type</th><td class="infobox-data"><a href="/wiki/Malware" title="Malware">Malware</a></td></tr><tr><th scope="row" class="infobox-label">Subtype</th><td class="infobox-data"><a href="/wiki/Cryptovirology" title="Cryptovirology">Cryptovirus</a></td></tr><tr><th scope="row" class="infobox-label">Classification</th><td class="infobox-data"><a href="/wiki/Ransomware" title="Ransomware">Ransomware</a></td></tr><tr><th colspan="2" class="infobox-header" style="background-color:#ffdcd7;">Technical details</th></tr><tr><th scope="row" class="infobox-label">Platform</th><td class="infobox-data"><a href="/wiki/Microsoft_Windows" title="Microsoft Windows">Windows</a></td></tr></tbody></table> <p><b>Petya</b> is a family of encrypting <a href="/wiki/Malware" title="Malware">malware</a> that was first discovered in 2016.<sup id="cite_ref-:0_2-0" class="reference"><a href="#cite_note-:0-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup> The malware targets <a href="/wiki/Microsoft_Windows" title="Microsoft Windows">Microsoft Windows</a>–based systems, infecting the <a href="/wiki/Master_boot_record" title="Master boot record">master boot record</a> to execute a <a href="/wiki/Payload_(computing)" title="Payload (computing)">payload</a> that encrypts a hard drive's <a href="/wiki/File_system" title="File system">file system</a> table and prevents Windows from booting. It subsequently demands that the users make a payment in <a href="/wiki/Bitcoin" title="Bitcoin">Bitcoin</a> in order to regain access to the system. </p><p>Variants of Petya were first seen in March 2016, which propagated via infected <a href="/wiki/E-mail_attachment" class="mw-redirect" title="E-mail attachment">e-mail attachments</a>. In June 2017, a new variant of Petya was used for a <a href="/wiki/2017_cyberattacks_on_Ukraine" class="mw-redirect" title="2017 cyberattacks on Ukraine">global cyberattack</a>, primarily targeting <a href="/wiki/Ukraine" title="Ukraine">Ukraine</a>. The new variant propagates via the <a href="/wiki/EternalBlue" title="EternalBlue">EternalBlue</a> exploit, which is generally believed to have been developed by the <a href="/wiki/United_States" title="United States">U.S</a>. <a href="/wiki/National_Security_Agency" title="National Security Agency">National Security Agency</a> (NSA), and was used earlier in the year by the <a href="/wiki/WannaCry" class="mw-redirect" title="WannaCry">WannaCry</a> ransomware. <a href="/wiki/Kaspersky_Lab" title="Kaspersky Lab">Kaspersky Lab</a> referred to this new version as <i>NotPetya</i> to distinguish it from the 2016 variants, due to these differences in operation. It looked like ransomware, but without functioning recovery feature it was equivalent to a <a href="/wiki/Wiper_(malware)" title="Wiper (malware)">wiper</a>. The NotPetya attacks have been blamed on the Russian government, specifically the <a href="/wiki/Sandworm_(hacker_group)" title="Sandworm (hacker group)">Sandworm</a> hacking group within the <a href="/wiki/GRU_(G.U.)" class="mw-redirect" title="GRU (G.U.)">GRU</a> Russian military intelligence organization, by security researchers, Google, and several governments.<sup id="cite_ref-:0_2-1" class="reference"><a href="#cite_note-:0-2"><span class="cite-bracket">[</span>2<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-3" class="reference"><a href="#cite_note-3"><span class="cite-bracket">[</span>3<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-4" class="reference"><a href="#cite_note-4"><span class="cite-bracket">[</span>4<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-5" class="reference"><a href="#cite_note-5"><span class="cite-bracket">[</span>5<span class="cite-bracket">]</span></a></sup> </p> <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="History">History</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Petya_(malware_family)&action=edit&section=1" title="Edit section: History"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Petya was discovered in March 2016;<sup id="cite_ref-nw-petyadouble_6-0" class="reference"><a href="#cite_note-nw-petyadouble-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> <a href="/wiki/Check_Point" title="Check Point">Check Point</a> noted that while it had achieved fewer infections than other ransomware active in early 2016, such as <a href="/wiki/CryptoWall" class="mw-redirect" title="CryptoWall">CryptoWall</a>, it contained notable differences in operation that caused it to be "immediately flagged as the next step in ransomware evolution".<sup id="cite_ref-cp-petya_1-1" class="reference"><a href="#cite_note-cp-petya-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup> Another variant of Petya discovered in May 2016 contained a secondary payload used if the malware cannot achieve <a href="/wiki/Superuser" title="Superuser">administrator</a>-level access.<sup id="cite_ref-nw-petyadouble_6-1" class="reference"><a href="#cite_note-nw-petyadouble-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> </p><p>The name "Petya" is a reference to the 1995 <a href="/wiki/James_Bond_in_film" class="mw-redirect" title="James Bond in film">James Bond</a> film <i><a href="/wiki/GoldenEye" title="GoldenEye">GoldenEye</a></i>, wherein <i>Petya</i> is one of the two Soviet weapon satellites which carry a "Goldeneye"—an atomic bomb detonated in low Earth orbit to produce an <a href="/wiki/Electromagnetic_pulse" title="Electromagnetic pulse">electromagnetic pulse</a>. A <a href="/wiki/Twitter" title="Twitter">Twitter</a> account that <i><a href="/wiki/Heise_Online" class="mw-redirect" title="Heise Online">Heise</a></i> suggested may have belonged to the author of the malware, named "Hue Janus Cybercrime Solutions" after <a href="/wiki/Alec_Trevelyan" title="Alec Trevelyan">Alec Trevelyan</a>'s crime group in <i>GoldenEye</i>, had an avatar with an image of <i>GoldenEye</i> character Boris Grishenko, a Russian hacker and antagonist in the film played by Scottish actor <a href="/wiki/Alan_Cumming" title="Alan Cumming">Alan Cumming</a>.<sup id="cite_ref-7" class="reference"><a href="#cite_note-7"><span class="cite-bracket">[</span>7<span class="cite-bracket">]</span></a></sup> </p><p>On 30 August 2018, a regional court in <a href="/wiki/Nikopol,_Ukraine" title="Nikopol, Ukraine">Nikopol</a> in the <a href="/wiki/Dnipropetrovsk_Oblast" title="Dnipropetrovsk Oblast">Dnipropetrovsk Oblast</a> of Ukraine convicted an unnamed Ukrainian citizen to one year in prison after pleading guilty to having spread a version of Petya online.<sup id="cite_ref-8" class="reference"><a href="#cite_note-8"><span class="cite-bracket">[</span>8<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-9" class="reference"><a href="#cite_note-9"><span class="cite-bracket">[</span>9<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-10" class="reference"><a href="#cite_note-10"><span class="cite-bracket">[</span>10<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="2017_cyberattack">2017 cyberattack</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Petya_(malware_family)&action=edit&section=2" title="Edit section: 2017 cyberattack"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1236090951">.mw-parser-output .hatnote{font-style:italic}.mw-parser-output div.hatnote{padding-left:1.6em;margin-bottom:0.5em}.mw-parser-output .hatnote i{font-style:normal}.mw-parser-output .hatnote+link+.hatnote{margin-top:-0.5em}@media print{body.ns-0 .mw-parser-output .hatnote{display:none!important}}</style><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/2017_Ukraine_ransomware_attacks" title="2017 Ukraine ransomware attacks">2017 Ukraine ransomware attacks</a></div> <figure class="mw-default-size mw-halign-right" typeof="mw:File/Thumb"><a href="/wiki/File:PetyaA.jpg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/5/58/PetyaA.jpg/220px-PetyaA.jpg" decoding="async" width="220" height="177" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/5/58/PetyaA.jpg/330px-PetyaA.jpg 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/5/58/PetyaA.jpg/440px-PetyaA.jpg 2x" data-file-width="696" data-file-height="559" /></a><figcaption>NotPetya's ransom note displayed on a compromised system</figcaption></figure> <p>On 27 June 2017, a major global <a href="/wiki/Cyberattack" title="Cyberattack">cyberattack</a> began (Ukrainian companies were among the first to state they were being attacked<sup id="cite_ref-BBCGlobalR_11-0" class="reference"><a href="#cite_note-BBCGlobalR-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup>), utilizing a new variant of Petya. On that day, <a href="/wiki/Kaspersky_Lab" title="Kaspersky Lab">Kaspersky Lab</a> reported infections in France, Germany, Italy, Poland, the United Kingdom, and the United States, but that the majority of infections targeted Russia and Ukraine, where more than 80 companies were initially attacked, including the <a href="/wiki/National_Bank_of_Ukraine" title="National Bank of Ukraine">National Bank of Ukraine</a>.<sup id="cite_ref-BBCGlobalR_11-1" class="reference"><a href="#cite_note-BBCGlobalR-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-BloombergUkrRus_12-0" class="reference"><a href="#cite_note-BloombergUkrRus-12"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup> <a href="/wiki/ESET" title="ESET">ESET</a> estimated on 28 June 2017 that 80.0% of all infections were in Ukraine, with Germany second hardest hit with about 9%.<sup id="cite_ref-BBCUkr80_13-0" class="reference"><a href="#cite_note-BBCUkr80-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup> Russian president <a href="/wiki/Vladimir_Putin" title="Vladimir Putin">Vladimir Putin</a>'s press secretary, <a href="/wiki/Dmitry_Peskov" title="Dmitry Peskov">Dmitry Peskov</a>, stated that the attack had caused no serious damage in Russia.<sup id="cite_ref-BBCUkr80_13-1" class="reference"><a href="#cite_note-BBCUkr80-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup> Experts believed this was a politically-motivated attack against Ukraine, since it occurred on the eve of the Ukrainian holiday <a href="/wiki/Constitution_Day_(Ukraine)" title="Constitution Day (Ukraine)">Constitution Day</a>.<sup id="cite_ref-NYTcfU_14-0" class="reference"><a href="#cite_note-NYTcfU-14"><span class="cite-bracket">[</span>14<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-BBCUkraineR_15-0" class="reference"><a href="#cite_note-BBCUkraineR-15"><span class="cite-bracket">[</span>15<span class="cite-bracket">]</span></a></sup> </p><p><a href="/wiki/Oleksandr_Kardakov" title="Oleksandr Kardakov">Oleksandr Kardakov</a>, the founder of the Oktava Cyber Protection company, emphasizes that the Petya virus stopped a third of Ukraine's economy for three days, resulting in losses of more than 400 million dollars.<sup id="cite_ref-16" class="reference"><a href="#cite_note-16"><span class="cite-bracket">[</span>16<span class="cite-bracket">]</span></a></sup> </p><p>Kaspersky dubbed this variant "NotPetya", as it has major differences in its operations in comparison to earlier variants.<sup id="cite_ref-BBCGlobalR_11-2" class="reference"><a href="#cite_note-BBCGlobalR-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup> <a href="/wiki/McAfee" title="McAfee">McAfee</a> engineer Christiaan Beek stated that this variant was designed to spread quickly, and that it had been targeting "complete energy companies, the <a href="/wiki/Power_grid" class="mw-redirect" title="Power grid">power grid</a>, bus stations, gas stations, the airport, and banks".<sup id="cite_ref-BBCGlobalR_11-3" class="reference"><a href="#cite_note-BBCGlobalR-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-17" class="reference"><a href="#cite_note-17"><span class="cite-bracket">[</span>17<span class="cite-bracket">]</span></a></sup> </p><p>It was believed that the <a href="/wiki/Patch_(computing)#Software_update_systems" title="Patch (computing)">software update mechanism</a> of <a href="/w/index.php?title=M.E.Doc&action=edit&redlink=1" class="new" title="M.E.Doc (page does not exist)">M.E.Doc</a><span class="noprint" style="font-size:85%; font-style: normal;"> [<a href="https://uk.wikipedia.org/wiki/M.E.Doc" class="extiw" title="uk:M.E.Doc">uk</a>]</span>—a Ukrainian tax preparation program that, according to <a href="/wiki/F-Secure" title="F-Secure">F-Secure</a> analyst <a href="/wiki/Mikko_Hypp%C3%B6nen" title="Mikko Hyppönen">Mikko Hyppönen</a>, "appears to be de facto" among companies doing business in the country—had been compromised to spread the malware.<sup id="cite_ref-BBCUkr80_13-2" class="reference"><a href="#cite_note-BBCUkr80-13"><span class="cite-bracket">[</span>13<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-bloomberg-medoc_18-0" class="reference"><a href="#cite_note-bloomberg-medoc-18"><span class="cite-bracket">[</span>18<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-reuters-20170703_19-0" class="reference"><a href="#cite_note-reuters-20170703-19"><span class="cite-bracket">[</span>19<span class="cite-bracket">]</span></a></sup> Analysis by <a href="/wiki/ESET" title="ESET">ESET</a> found that a <a href="/wiki/Backdoor_(computing)" title="Backdoor (computing)">backdoor</a> had been present in the update system for at least six weeks prior to the attack, describing it as a "thoroughly well-planned and well-executed operation".<sup id="cite_ref-ars-backdoormedoc_20-0" class="reference"><a href="#cite_note-ars-backdoormedoc-20"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup> The developers of M.E.Doc denied that they were entirely responsible for the cyberattack, stating that they too were victims.<sup id="cite_ref-bloomberg-medoc_18-1" class="reference"><a href="#cite_note-bloomberg-medoc-18"><span class="cite-bracket">[</span>18<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-ars-medoc_21-0" class="reference"><a href="#cite_note-ars-medoc-21"><span class="cite-bracket">[</span>21<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-22" class="reference"><a href="#cite_note-22"><span class="cite-bracket">[</span>22<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-abcau-medocseized_23-0" class="reference"><a href="#cite_note-abcau-medocseized-23"><span class="cite-bracket">[</span>23<span class="cite-bracket">]</span></a></sup> </p><p>On 4 July 2017, Ukraine's cybercrime unit seized the company's servers after detecting "new activity" that it believed would result in "uncontrolled proliferation" of malware. Ukraine police advised M.E.Doc users to stop using the software, as it presumed that the backdoor was still present.<sup id="cite_ref-ars-backdoormedoc_20-1" class="reference"><a href="#cite_note-ars-backdoormedoc-20"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-24" class="reference"><a href="#cite_note-24"><span class="cite-bracket">[</span>24<span class="cite-bracket">]</span></a></sup> Analysis of the seized servers showed that software updates had not been applied since 2013, there was evidence of Russian presence, and an employee's account on the servers had been compromised; the head of the units warned that M.E.Doc could be found criminally responsible for enabling the attack because of its negligence in maintaining the security of their servers.<sup id="cite_ref-ars-backdoormedoc_20-2" class="reference"><a href="#cite_note-ars-backdoormedoc-20"><span class="cite-bracket">[</span>20<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-abcau-medocseized_23-1" class="reference"><a href="#cite_note-abcau-medocseized-23"><span class="cite-bracket">[</span>23<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-reuters-20170705_25-0" class="reference"><a href="#cite_note-reuters-20170705-25"><span class="cite-bracket">[</span>25<span class="cite-bracket">]</span></a></sup> IT-businessman, chairman of the supervisory board of the Oktava Capital company Oleksandr Kardakov proposed to create civil cyber defense in Ukraine.<sup id="cite_ref-26" class="reference"><a href="#cite_note-26"><span class="cite-bracket">[</span>26<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Operation">Operation</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Petya_(malware_family)&action=edit&section=3" title="Edit section: Operation"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>Petya's payload infects the computer's <a href="/wiki/Master_boot_record" title="Master boot record">master boot record</a> (MBR), overwrites the Windows <a href="/wiki/Bootloader" title="Bootloader">bootloader</a>, and triggers a restart. Upon startup, the payload encrypts the <a href="/wiki/Master_File_Table" class="mw-redirect" title="Master File Table">Master File Table</a> of the <a href="/wiki/NTFS" title="NTFS">NTFS</a> <a href="/wiki/File_system" title="File system">file system</a>, and then displays the ransom message demanding a payment made in <a href="/wiki/Bitcoin" title="Bitcoin">Bitcoin</a>.<sup id="cite_ref-nw-petyadouble_6-2" class="reference"><a href="#cite_note-nw-petyadouble-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-27" class="reference"><a href="#cite_note-27"><span class="cite-bracket">[</span>27<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-verge-notpetya_28-0" class="reference"><a href="#cite_note-verge-notpetya-28"><span class="cite-bracket">[</span>28<span class="cite-bracket">]</span></a></sup> Meanwhile, the computer's screen displays a purportedly output by <a href="/wiki/Chkdsk" class="mw-redirect" title="Chkdsk">chkdsk</a>, Windows' file system scanner, suggesting that the hard drive's sectors are being repaired.<sup id="cite_ref-cp-petya_1-2" class="reference"><a href="#cite_note-cp-petya-1"><span class="cite-bracket">[</span>1<span class="cite-bracket">]</span></a></sup> </p><p>The original payload required the user to grant it administrative privileges; one variant of Petya was bundled with a second payload, Mischa, which activated if Petya failed to install. Mischa is a more conventional ransomware payload that encrypts user documents, as well as executable files, and does not require administrative privileges to execute.<sup id="cite_ref-nw-petyadouble_6-3" class="reference"><a href="#cite_note-nw-petyadouble-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> The earlier versions of Petya disguised their payload as a <a href="/wiki/PDF" title="PDF">PDF</a> file, attached to an e-mail.<sup id="cite_ref-nw-petyadouble_6-4" class="reference"><a href="#cite_note-nw-petyadouble-6"><span class="cite-bracket">[</span>6<span class="cite-bracket">]</span></a></sup> United States Computer Emergency Response Team (US-CERT) and National Cybersecurity and Communications Integration Center (NCCIC) released Malware Initial Findings Report (MIFR) about Petya on 30 June 2017.<sup id="cite_ref-29" class="reference"><a href="#cite_note-29"><span class="cite-bracket">[</span>29<span class="cite-bracket">]</span></a></sup> </p><p>The "NotPetya" variant used in the 2017 attack uses <a href="/wiki/EternalBlue" title="EternalBlue">EternalBlue</a>, an <a href="/wiki/Exploit_(computer_security)" title="Exploit (computer security)">exploit</a> that takes advantage of a <a href="/wiki/Vulnerability_(computing)" class="mw-redirect" title="Vulnerability (computing)">vulnerability</a> in Windows' <a href="/wiki/Server_Message_Block" title="Server Message Block">Server Message Block</a> (SMB) protocol. EternalBlue is generally believed to have been developed by the U.S. <a href="/wiki/National_Security_Agency" title="National Security Agency">National Security Agency</a> (NSA);<sup id="cite_ref-verge-notpetya_28-1" class="reference"><a href="#cite_note-verge-notpetya-28"><span class="cite-bracket">[</span>28<span class="cite-bracket">]</span></a></sup> it was leaked in April 2017 and was also used by <a href="/wiki/WannaCry" class="mw-redirect" title="WannaCry">WannaCry</a>.<sup id="cite_ref-verge-notpetya_28-2" class="reference"><a href="#cite_note-verge-notpetya-28"><span class="cite-bracket">[</span>28<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-ars-eternalblue_30-0" class="reference"><a href="#cite_note-ars-eternalblue-30"><span class="cite-bracket">[</span>30<span class="cite-bracket">]</span></a></sup> The malware harvests passwords (using a tweaked build of open-source <a href="/wiki/Mimikatz" title="Mimikatz">Mimikatz</a><sup id="cite_ref-31" class="reference"><a href="#cite_note-31"><span class="cite-bracket">[</span>31<span class="cite-bracket">]</span></a></sup>) and uses other techniques <a href="/wiki/Vector_(malware)" class="mw-redirect" title="Vector (malware)">to spread</a> to other computers on the same network, and uses those passwords in conjunction with PSExec to run code on other local computers.<sup id="cite_ref-ecot_32-0" class="reference"><a href="#cite_note-ecot-32"><span class="cite-bracket">[</span>32<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-33" class="reference"><a href="#cite_note-33"><span class="cite-bracket">[</span>33<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-techc_34-0" class="reference"><a href="#cite_note-techc-34"><span class="cite-bracket">[</span>34<span class="cite-bracket">]</span></a></sup> Additionally, although it still purports to be ransomware, the encryption routine was modified so that the malware could not technically revert its changes.<sup id="cite_ref-35" class="reference"><a href="#cite_note-35"><span class="cite-bracket">[</span>35<span class="cite-bracket">]</span></a></sup> This characteristic, along with other unusual signs in comparison to WannaCry (including the relatively low unlock fee of US$300, and using a single, fixed Bitcoin wallet to collect ransom payments rather than generating a unique ID for each specific infection for tracking purposes),<sup id="cite_ref-verge-toolate_36-0" class="reference"><a href="#cite_note-verge-toolate-36"><span class="cite-bracket">[</span>36<span class="cite-bracket">]</span></a></sup> prompted researchers to speculate that this attack was not intended to be a profit-generating venture, but to damage devices quickly, and <a href="/wiki/Copycat_crime" title="Copycat crime">ride off</a> the media attention WannaCry received by claiming to be ransomware.<sup id="cite_ref-ars-wiper_37-0" class="reference"><a href="#cite_note-ars-wiper-37"><span class="cite-bracket">[</span>37<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-BBCPMdc_38-0" class="reference"><a href="#cite_note-BBCPMdc-38"><span class="cite-bracket">[</span>38<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Mitigation">Mitigation</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Petya_(malware_family)&action=edit&section=4" title="Edit section: Mitigation"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">See also: <a href="/wiki/Ransomware#Mitigation" title="Ransomware">Ransomware § Mitigation</a>, <a href="/wiki/Infection_control" class="mw-redirect" title="Infection control">Infection control</a>, <a href="/wiki/IT_disaster_recovery" title="IT disaster recovery">IT disaster recovery</a>, <a href="/wiki/Emergency_management" title="Emergency management">Emergency management</a>, and <a href="/wiki/Proactive_cyber_defence" title="Proactive cyber defence">Proactive cyber defence</a></div> <p>It was found that it may be possible to stop the encryption process if an infected computer is immediately shut down when the fictitious chkdsk screen appears,<sup id="cite_ref-39" class="reference"><a href="#cite_note-39"><span class="cite-bracket">[</span>39<span class="cite-bracket">]</span></a></sup> and a security analyst proposed that creating <a href="/wiki/File_system_permissions" class="mw-redirect" title="File system permissions">read-only</a> files named <code>perfc</code> and/or <code>perfc.dat</code> in the Windows installation directory could prevent the payload of the current strain from executing.<sup id="cite_ref-40" class="reference"><a href="#cite_note-40"><span class="cite-bracket">[</span>40<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-41" class="reference"><a href="#cite_note-41"><span class="cite-bracket">[</span>41<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-42" class="reference"><a href="#cite_note-42"><span class="cite-bracket">[</span>42<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-43" class="reference"><a href="#cite_note-43"><span class="cite-bracket">[</span>43<span class="cite-bracket">]</span></a></sup> The email address listed on the ransom screen was suspended by its provider, <a href="/wiki/Posteo" title="Posteo">Posteo</a>, for being a violation of its <a href="/wiki/Terms_of_use" class="mw-redirect" title="Terms of use">terms of use</a>. As a result, infected users could not actually send the required payment confirmation to the perpetrator.<sup id="cite_ref-verge-toolate_36-1" class="reference"><a href="#cite_note-verge-toolate-36"><span class="cite-bracket">[</span>36<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-44" class="reference"><a href="#cite_note-44"><span class="cite-bracket">[</span>44<span class="cite-bracket">]</span></a></sup> Additionally, if the computer's filesystem was FAT based, the MFT encryption sequence was skipped, and only the ransomware's message was displayed, allowing data to be recovered trivially.<sup id="cite_ref-45" class="reference"><a href="#cite_note-45"><span class="cite-bracket">[</span>45<span class="cite-bracket">]</span></a></sup> </p><p>Microsoft had already released patches for supported versions of <a href="/wiki/Microsoft_Windows" title="Microsoft Windows">Windows</a> in March 2017 to address the EternalBlue vulnerability. This was followed by patches for unsupported versions of Windows (such as <a href="/wiki/Windows_XP" title="Windows XP">Windows XP</a>) in May 2017, in the direct wake of WannaCry.<sup id="cite_ref-6facts_46-0" class="reference"><a href="#cite_note-6facts-46"><span class="cite-bracket">[</span>46<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-verge-unsupported_47-0" class="reference"><a href="#cite_note-verge-unsupported-47"><span class="cite-bracket">[</span>47<span class="cite-bracket">]</span></a></sup> <i>Wired</i> believed that "based on the extent of damage Petya has caused so far, though, it appears that many companies have put off patching, despite the clear and potentially devastating threat of a similar ransomware spread."<sup id="cite_ref-48" class="reference"><a href="#cite_note-48"><span class="cite-bracket">[</span>48<span class="cite-bracket">]</span></a></sup> Some enterprises may consider it too disruptive to install updates on certain systems, either due to possible downtime or compatibility concerns, which can be problematic in some environments.<sup id="cite_ref-6facts_46-1" class="reference"><a href="#cite_note-6facts-46"><span class="cite-bracket">[</span>46<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Impact">Impact</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Petya_(malware_family)&action=edit&section=5" title="Edit section: Impact"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p>In a report published by <i>Wired</i>, a White House assessment pegged the total damages brought about by NotPetya to more than $10 billion. This assessment was repeated by former Homeland Security advisor <a href="/wiki/Tom_Bossert" title="Tom Bossert">Tom Bossert</a>, who at the time of the attack was the most senior cybersecurity focused official in the US government.<sup id="cite_ref-Wired_2018_49-0" class="reference"><a href="#cite_note-Wired_2018-49"><span class="cite-bracket">[</span>49<span class="cite-bracket">]</span></a></sup> </p><p>During the attack initiated on 27 June 2017, the radiation monitoring system at Ukraine's <a href="/wiki/Chernobyl_Nuclear_Power_Plant" title="Chernobyl Nuclear Power Plant">Chernobyl Nuclear Power Plant</a> went offline.<sup id="cite_ref-50" class="reference"><a href="#cite_note-50"><span class="cite-bracket">[</span>50<span class="cite-bracket">]</span></a></sup> Several Ukrainian ministries, banks and metro systems were also affected.<sup id="cite_ref-NYTRan_51-0" class="reference"><a href="#cite_note-NYTRan-51"><span class="cite-bracket">[</span>51<span class="cite-bracket">]</span></a></sup> It is said to have been the most destructive cyberattack ever.<sup id="cite_ref-52" class="reference"><a href="#cite_note-52"><span class="cite-bracket">[</span>52<span class="cite-bracket">]</span></a></sup> </p><p>Among those affected elsewhere included British advertising company <a href="/wiki/WPP_plc" title="WPP plc">WPP</a>,<sup id="cite_ref-NYTRan_51-1" class="reference"><a href="#cite_note-NYTRan-51"><span class="cite-bracket">[</span>51<span class="cite-bracket">]</span></a></sup> <a href="/wiki/Maersk" title="Maersk">Maersk Line</a>,<sup id="cite_ref-NPRCyber_53-0" class="reference"><a href="#cite_note-NPRCyber-53"><span class="cite-bracket">[</span>53<span class="cite-bracket">]</span></a></sup> American pharmaceutical company <a href="/wiki/Merck_%26_Co." title="Merck & Co.">Merck & Co.</a> (internationally doing business as MSD), Russian oil company <a href="/wiki/Rosneft" title="Rosneft">Rosneft</a> (its oil production was unaffected<sup id="cite_ref-54" class="reference"><a href="#cite_note-54"><span class="cite-bracket">[</span>54<span class="cite-bracket">]</span></a></sup>), multinational law firm <a href="/wiki/DLA_Piper" title="DLA Piper">DLA Piper</a>,<sup id="cite_ref-NYTRan_51-2" class="reference"><a href="#cite_note-NYTRan-51"><span class="cite-bracket">[</span>51<span class="cite-bracket">]</span></a></sup> French construction company <a href="/wiki/Saint-Gobain" title="Saint-Gobain">Saint-Gobain</a> and its retail and subsidiary outlets in Estonia,<sup id="cite_ref-Postimees_55-0" class="reference"><a href="#cite_note-Postimees-55"><span class="cite-bracket">[</span>55<span class="cite-bracket">]</span></a></sup> British consumer goods company <a href="/wiki/Reckitt_Benckiser" class="mw-redirect" title="Reckitt Benckiser">Reckitt Benckiser</a>,<sup id="cite_ref-56" class="reference"><a href="#cite_note-56"><span class="cite-bracket">[</span>56<span class="cite-bracket">]</span></a></sup> German personal care company <a href="/wiki/Beiersdorf" title="Beiersdorf">Beiersdorf</a>, German logistics company <a href="/wiki/DHL_Express" class="mw-redirect" title="DHL Express">DHL</a>,<sup id="cite_ref-57" class="reference"><a href="#cite_note-57"><span class="cite-bracket">[</span>57<span class="cite-bracket">]</span></a></sup> United States food company <a href="/wiki/Mondelez_International" title="Mondelez International">Mondelez International</a>, and American hospital operator Heritage Valley Health System.<sup id="cite_ref-BBCGlobalR_11-4" class="reference"><a href="#cite_note-BBCGlobalR-11"><span class="cite-bracket">[</span>11<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-58" class="reference"><a href="#cite_note-58"><span class="cite-bracket">[</span>58<span class="cite-bracket">]</span></a></sup> The <a href="/wiki/Cadbury%27s_Chocolate_Factory,_Tasmania" title="Cadbury's Chocolate Factory, Tasmania">Cadbury's Chocolate Factory</a> in <a href="/wiki/Hobart" title="Hobart">Hobart</a>, Tasmania, is the first company in Australia to be affected by Petya.<sup id="cite_ref-59" class="reference"><a href="#cite_note-59"><span class="cite-bracket">[</span>59<span class="cite-bracket">]</span></a></sup> On 28 June 2017, <a href="/wiki/Jawaharlal_Nehru_Port#Jawaharlal_Nehru_Port_Trust" title="Jawaharlal Nehru Port">JNPT</a>, India's largest container port, had reportedly been affected, with all operations coming to a standstill.<sup id="cite_ref-60" class="reference"><a href="#cite_note-60"><span class="cite-bracket">[</span>60<span class="cite-bracket">]</span></a></sup> Princeton Community Hospital in rural West Virginia will scrap and replace its entire computer network on its path to recovery.<sup id="cite_ref-61" class="reference"><a href="#cite_note-61"><span class="cite-bracket">[</span>61<span class="cite-bracket">]</span></a></sup> </p><p>The business interruption to Maersk, the world's largest container ship and supply vessel operator, was estimated between $200m and $300m in lost revenues.<sup id="cite_ref-Wired_2018_49-1" class="reference"><a href="#cite_note-Wired_2018-49"><span class="cite-bracket">[</span>49<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-62" class="reference"><a href="#cite_note-62"><span class="cite-bracket">[</span>62<span class="cite-bracket">]</span></a></sup> </p><p>The business impact on FedEx is estimated to be $400m in 2018, according to the company's 2019 annual report.<sup id="cite_ref-63" class="reference"><a href="#cite_note-63"><span class="cite-bracket">[</span>63<span class="cite-bracket">]</span></a></sup> </p><p><a href="/wiki/Jens_Stoltenberg" title="Jens Stoltenberg">Jens Stoltenberg</a>, <a href="/wiki/NATO" title="NATO">NATO</a> Secretary-General, pressed the alliance to strengthen its cyber defenses, saying that a cyberattack could trigger the Article 5 principle of collective defense.<sup id="cite_ref-64" class="reference"><a href="#cite_note-64"><span class="cite-bracket">[</span>64<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-65" class="reference"><a href="#cite_note-65"><span class="cite-bracket">[</span>65<span class="cite-bracket">]</span></a></sup> </p><p>Mondelez International's insurance carrier, <a href="/wiki/Zurich_American_Insurance_Company" class="mw-redirect" title="Zurich American Insurance Company">Zurich American Insurance Company</a>, has refused to pay out a claim for cleaning up damage from a NotPetya infection, on the grounds that NotPetya is an "act of war" that is not covered by the policy. Mondelez sued Zurich American for $100 million in 2018;<sup id="cite_ref-66" class="reference"><a href="#cite_note-66"><span class="cite-bracket">[</span>66<span class="cite-bracket">]</span></a></sup> the suit was settled in 2022 with the terms of the settlement remaining confidential.<sup id="cite_ref-67" class="reference"><a href="#cite_note-67"><span class="cite-bracket">[</span>67<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Reaction">Reaction</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Petya_(malware_family)&action=edit&section=6" title="Edit section: Reaction"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <p><a href="/wiki/Europol" title="Europol">Europol</a> said it was aware of and urgently responding to reports of a cyber attack in member states of the <a href="/wiki/European_Union" title="European Union">European Union</a>.<sup id="cite_ref-BloombergUkrRus_12-1" class="reference"><a href="#cite_note-BloombergUkrRus-12"><span class="cite-bracket">[</span>12<span class="cite-bracket">]</span></a></sup> The <a href="/wiki/United_States_Department_of_Homeland_Security" title="United States Department of Homeland Security">United States Department of Homeland Security</a> was involved and coordinating with its international and local partners.<sup id="cite_ref-NPRCyber_53-1" class="reference"><a href="#cite_note-NPRCyber-53"><span class="cite-bracket">[</span>53<span class="cite-bracket">]</span></a></sup> In a letter to the NSA,<sup id="cite_ref-68" class="reference"><a href="#cite_note-68"><span class="cite-bracket">[</span>68<span class="cite-bracket">]</span></a></sup> Democratic Congressman <a href="/wiki/Ted_Lieu" title="Ted Lieu">Ted Lieu</a> asked the agency to collaborate more actively with technology companies to notify them of software vulnerabilities and help them prevent future attacks based on malware created by the NSA.<sup id="cite_ref-techc_34-1" class="reference"><a href="#cite_note-techc-34"><span class="cite-bracket">[</span>34<span class="cite-bracket">]</span></a></sup><sup id="cite_ref-69" class="reference"><a href="#cite_note-69"><span class="cite-bracket">[</span>69<span class="cite-bracket">]</span></a></sup> On 15 February 2018, the Trump administration blamed Russia for the attack and warned that there would be "international consequences".<sup id="cite_ref-70" class="reference"><a href="#cite_note-70"><span class="cite-bracket">[</span>70<span class="cite-bracket">]</span></a></sup> The United Kingdom and the Australian government also issued similar statements.<sup id="cite_ref-71" class="reference"><a href="#cite_note-71"><span class="cite-bracket">[</span>71<span class="cite-bracket">]</span></a></sup> </p><p>In October 2020 the DOJ named further GRU officers in an indictment.<sup id="cite_ref-72" class="reference"><a href="#cite_note-72"><span class="cite-bracket">[</span>72<span class="cite-bracket">]</span></a></sup> At the same time, the UK government blamed GRU's Sandworm also for attacks on the 2020 Summer Games.<sup id="cite_ref-73" class="reference"><a href="#cite_note-73"><span class="cite-bracket">[</span>73<span class="cite-bracket">]</span></a></sup> </p> <div class="mw-heading mw-heading2"><h2 id="Other_notable_low-level_malware">Other notable low-level malware</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Petya_(malware_family)&action=edit&section=7" title="Edit section: Other notable low-level malware"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><a href="/wiki/CIH_(computer_virus)" title="CIH (computer virus)">CIH</a> (1998)</li> <li><a href="/wiki/Stuxnet" title="Stuxnet">Stuxnet</a> (2010)</li> <li><a href="/wiki/WannaCry_ransomware_attack" title="WannaCry ransomware attack">WannaCry</a> (2017)</li></ul> <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Petya_(malware_family)&action=edit&section=8" title="Edit section: See also"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <ul><li><span class="nowrap"><span class="noviewer" typeof="mw:File"><a href="/wiki/File:Crystal_Clear_app_linneighborhood.svg" class="mw-file-description"><img alt="icon" src="//upload.wikimedia.org/wikipedia/commons/thumb/f/f9/Crystal_Clear_app_linneighborhood.svg/28px-Crystal_Clear_app_linneighborhood.svg.png" decoding="async" width="28" height="28" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/f/f9/Crystal_Clear_app_linneighborhood.svg/42px-Crystal_Clear_app_linneighborhood.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/f/f9/Crystal_Clear_app_linneighborhood.svg/56px-Crystal_Clear_app_linneighborhood.svg.png 2x" data-file-width="407" data-file-height="407" /></a></span> </span><a href="/wiki/Portal:Internet" title="Portal:Internet">Internet portal</a></li> <li><span class="nowrap"><span class="noviewer" typeof="mw:File"><a href="/wiki/File:Balance,_by_David.svg" class="mw-file-description"><img alt="icon" src="//upload.wikimedia.org/wikipedia/commons/thumb/1/17/Balance%2C_by_David.svg/30px-Balance%2C_by_David.svg.png" decoding="async" width="30" height="28" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/1/17/Balance%2C_by_David.svg/46px-Balance%2C_by_David.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/1/17/Balance%2C_by_David.svg/61px-Balance%2C_by_David.svg.png 2x" data-file-width="606" data-file-height="558" /></a></span> </span><a href="/wiki/Portal:Law" title="Portal:Law">Law portal</a></li> <li><a href="/wiki/BlackEnergy" title="BlackEnergy">BlackEnergy</a></li> <li><a href="/wiki/Domain_controller_(Windows)" title="Domain controller (Windows)">Domain controller (Windows)</a></li> <li><a href="/wiki/EternalBlue" title="EternalBlue">EternalBlue</a></li> <li><a href="/wiki/Mimikatz" title="Mimikatz">Mimikatz</a></li> <li><a href="/wiki/Sandworm_(hacker_group)" title="Sandworm (hacker group)">Sandworm (hacker group)</a></li> <li><a href="/wiki/Server_Message_Block" title="Server Message Block">Server Message Block</a></li> <li><a href="/wiki/Vulkan_files_leak" title="Vulkan files leak">Vulkan files leak</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="References">References</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Petya_(malware_family)&action=edit&section=9" title="Edit section: References"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist"> <div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-cp-petya-1"><span class="mw-cite-backlink">^ <a href="#cite_ref-cp-petya_1-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-cp-petya_1-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-cp-petya_1-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://blog.checkpoint.com/2016/04/11/decrypting-the-petya-ransomware/">"Decrypting the Petya Ransomware"</a>. <i>Check Point Blog</i>. 11 April 2016. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170630193942/http://blog.checkpoint.com/2016/04/11/decrypting-the-petya-ransomware/">Archived</a> from the original on 30 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">27 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Check+Point+Blog&rft.atitle=Decrypting+the+Petya+Ransomware&rft.date=2016-04-11&rft_id=http%3A%2F%2Fblog.checkpoint.com%2F2016%2F04%2F11%2Fdecrypting-the-petya-ransomware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-:0-2"><span class="mw-cite-backlink">^ <a href="#cite_ref-:0_2-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-:0_2-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGreenberg2018" class="citation magazine cs1">Greenberg, Andy (22 August 2018). <a rel="nofollow" class="external text" href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world">"The Untold Story of NotPetya, the Most Devastating Cyberattack in History"</a>. <i><a href="/wiki/Wired_(magazine)" title="Wired (magazine)">Wired</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180827011920/https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">Archived</a> from the original on 27 August 2018<span class="reference-accessdate">. Retrieved <span class="nowrap">27 August</span> 2018</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Wired&rft.atitle=The+Untold+Story+of+NotPetya%2C+the+Most+Devastating+Cyberattack+in+History&rft.date=2018-08-22&rft.aulast=Greenberg&rft.aufirst=Andy&rft_id=https%3A%2F%2Fwww.wired.com%2Fstory%2Fnotpetya-cyberattack-ukraine-russia-code-crashed-the-world&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-3"><span class="mw-cite-backlink"><b><a href="#cite_ref-3">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGreerberg2019" class="citation magazine cs1">Greerberg, Andy (21 November 2019). <a rel="nofollow" class="external text" href="https://www.wired.com/story/sandworm-android-malware/">"Russia's 'Sandworm' Hackers Also Targeted Android Phones"</a>. <i>Wired</i>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/1059-1028">1059-1028</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20200326173229/https://www.wired.com/story/sandworm-android-malware/">Archived</a> from the original on 26 March 2020<span class="reference-accessdate">. Retrieved <span class="nowrap">26 March</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Wired&rft.atitle=Russia%27s+%27Sandworm%27+Hackers+Also+Targeted+Android+Phones&rft.date=2019-11-21&rft.issn=1059-1028&rft.aulast=Greerberg&rft.aufirst=Andy&rft_id=https%3A%2F%2Fwww.wired.com%2Fstory%2Fsandworm-android-malware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-4"><span class="mw-cite-backlink"><b><a href="#cite_ref-4">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFKovacs2018" class="citation web cs1">Kovacs, Edouard (16 February 2018). <a rel="nofollow" class="external text" href="https://www.securityweek.com/us-canada-australia-attribute-notpetya-attack-russia">"U.S., Canada, Australia Attribute NotPetya Attack to Russia | SecurityWeek.Com"</a>. <i>www.securityweek.com</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20200326173239/https://www.securityweek.com/us-canada-australia-attribute-notpetya-attack-russia">Archived</a> from the original on 26 March 2020<span class="reference-accessdate">. Retrieved <span class="nowrap">26 March</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.securityweek.com&rft.atitle=U.S.%2C+Canada%2C+Australia+Attribute+NotPetya+Attack+to+Russia+%7C+SecurityWeek.Com&rft.date=2018-02-16&rft.aulast=Kovacs&rft.aufirst=Edouard&rft_id=https%3A%2F%2Fwww.securityweek.com%2Fus-canada-australia-attribute-notpetya-attack-russia&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-5"><span class="mw-cite-backlink"><b><a href="#cite_ref-5">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGidwani2020" class="citation web cs1">Gidwani, Toni (26 March 2020). <a rel="nofollow" class="external text" href="https://blog.google/technology/safety-security/threat-analysis-group/identifying-vulnerabilities-and-protecting-you-phishing/">"Identifying vulnerabilities and protecting you from phishing"</a>. <i>Google</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20200326173520/https://blog.google/technology/safety-security/threat-analysis-group/identifying-vulnerabilities-and-protecting-you-phishing/">Archived</a> from the original on 26 March 2020<span class="reference-accessdate">. Retrieved <span class="nowrap">26 March</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Google&rft.atitle=Identifying+vulnerabilities+and+protecting+you+from+phishing&rft.date=2020-03-26&rft.aulast=Gidwani&rft.aufirst=Toni&rft_id=https%3A%2F%2Fblog.google%2Ftechnology%2Fsafety-security%2Fthreat-analysis-group%2Fidentifying-vulnerabilities-and-protecting-you-phishing%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-nw-petyadouble-6"><span class="mw-cite-backlink">^ <a href="#cite_ref-nw-petyadouble_6-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-nw-petyadouble_6-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-nw-petyadouble_6-2"><sup><i><b>c</b></i></sup></a> <a href="#cite_ref-nw-petyadouble_6-3"><sup><i><b>d</b></i></sup></a> <a href="#cite_ref-nw-petyadouble_6-4"><sup><i><b>e</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFConstantin2016" class="citation news cs1">Constantin, Lucian (13 May 2016). <a rel="nofollow" class="external text" href="http://www.networkworld.com/article/3069990/petya-ransomware-is-now-double-the-trouble.html">"Petya ransomware is now double the trouble"</a>. <i>NetworkWorld</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170731151832/http://www.networkworld.com/article/3069990/petya-ransomware-is-now-double-the-trouble.html">Archived</a> from the original on 31 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">27 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=NetworkWorld&rft.atitle=Petya+ransomware+is+now+double+the+trouble&rft.date=2016-05-13&rft.aulast=Constantin&rft.aufirst=Lucian&rft_id=http%3A%2F%2Fwww.networkworld.com%2Farticle%2F3069990%2Fpetya-ransomware-is-now-double-the-trouble.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-7"><span class="mw-cite-backlink"><b><a href="#cite_ref-7">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFScherschel,_Fabian_A.2016" class="citation web cs1 cs1-prop-foreign-lang-source">Scherschel, Fabian A. (15 December 2016). <a rel="nofollow" class="external text" href="https://www.heise.de/newsticker/meldung/Petya-Mischa-Goldeneye-Die-Erpresser-sind-Nerds-3571937.html">"Petya, Mischa, Goldeneye: Die Erpresser sind Nerds"</a> (in German). <a href="/wiki/Heise_Online" class="mw-redirect" title="Heise Online">Heise Online</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170922100213/https://www.heise.de/newsticker/meldung/Petya-Mischa-Goldeneye-Die-Erpresser-sind-Nerds-3571937.html">Archived</a> from the original on 22 September 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">3 July</span> 2017</span>. <q>Die Virenschreiber hinter diesen Erpressungstrojanern scheinen große Fans des Films zu sein. Wahrscheinlich sind sie in den Neunzigern aufgewachsen und identifizieren sich mit Boris Grishenko, dem russischen Hacker-Genie aus dem Film. Ob ein Twitter-Konto, welches genau auf dieses Profil passt, ein Bild von Boris Grishenko als Avatar nutzt und nach dem Verbrechersyndikat aus dem Film benannt ist, von den Drahtziehern betrieben wird, konnten wir nicht bestätigen. Aber es ist immerhin denkbar.</q></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Petya%2C+Mischa%2C+Goldeneye%3A+Die+Erpresser+sind+Nerds&rft.pub=Heise+Online&rft.date=2016-12-15&rft.au=Scherschel%2C+Fabian+A.&rft_id=https%3A%2F%2Fwww.heise.de%2Fnewsticker%2Fmeldung%2FPetya-Mischa-Goldeneye-Die-Erpresser-sind-Nerds-3571937.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-8"><span class="mw-cite-backlink"><b><a href="#cite_ref-8">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFIliyeva2017" class="citation web cs1 cs1-prop-foreign-lang-source">Iliyeva, Valery (7 August 2017). <a rel="nofollow" class="external text" href="http://dniprograd.org/2017/08/07/na-dnipropetrovshchini-vikrili-cholovika-yakiy-rozpovsyudzhuvav-virus-petyaa_59243">"На Дніпропетровщині викрили чоловіка, який розповсюджував вірус "Petya.A"<span class="cs1-kern-right"></span>"</a>. <i>Dniprograd</i> (in Ukrainian). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180907183045/http://dniprograd.org/2017/08/07/na-dnipropetrovshchini-vikrili-cholovika-yakiy-rozpovsyudzhuvav-virus-petyaa_59243">Archived</a> from the original on 7 September 2018<span class="reference-accessdate">. Retrieved <span class="nowrap">7 September</span> 2018</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Dniprograd&rft.atitle=%D0%9D%D0%B0+%D0%94%D0%BD%D1%96%D0%BF%D1%80%D0%BE%D0%BF%D0%B5%D1%82%D1%80%D0%BE%D0%B2%D1%89%D0%B8%D0%BD%D1%96+%D0%B2%D0%B8%D0%BA%D1%80%D0%B8%D0%BB%D0%B8+%D1%87%D0%BE%D0%BB%D0%BE%D0%B2%D1%96%D0%BA%D0%B0%2C+%D1%8F%D0%BA%D0%B8%D0%B9+%D1%80%D0%BE%D0%B7%D0%BF%D0%BE%D0%B2%D1%81%D1%8E%D0%B4%D0%B6%D1%83%D0%B2%D0%B0%D0%B2+%D0%B2%D1%96%D1%80%D1%83%D1%81+%22Petya.A%22&rft.date=2017-08-07&rft.aulast=Iliyeva&rft.aufirst=Valery&rft_id=http%3A%2F%2Fdniprograd.org%2F2017%2F08%2F07%2Fna-dnipropetrovshchini-vikrili-cholovika-yakiy-rozpovsyudzhuvav-virus-petyaa_59243&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-9"><span class="mw-cite-backlink"><b><a href="#cite_ref-9">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMuracha2018" class="citation web cs1 cs1-prop-foreign-lang-source">Muracha, Ivan (3 September 2018). <a rel="nofollow" class="external text" href="http://dniprograd.org/2018/09/03/regionalniy-koordinator-virusu-retya-na-dnipropetrovshchini-otrimav-odin-rik-tyurmi_70920">"Регіональний "координатор" вірусу РЕТYА на Дніпропетровщині отримав один рік тюрми"</a>. <i>Dniprograd</i> (in Ukrainian). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180907221235/http://dniprograd.org/2018/09/03/regionalniy-koordinator-virusu-retya-na-dnipropetrovshchini-otrimav-odin-rik-tyurmi_70920">Archived</a> from the original on 7 September 2018<span class="reference-accessdate">. Retrieved <span class="nowrap">7 September</span> 2018</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Dniprograd&rft.atitle=%D0%A0%D0%B5%D0%B3%D1%96%D0%BE%D0%BD%D0%B0%D0%BB%D1%8C%D0%BD%D0%B8%D0%B9+%22%D0%BA%D0%BE%D0%BE%D1%80%D0%B4%D0%B8%D0%BD%D0%B0%D1%82%D0%BE%D1%80%22+%D0%B2%D1%96%D1%80%D1%83%D1%81%D1%83+%D0%A0%D0%95%D0%A2Y%D0%90+%D0%BD%D0%B0+%D0%94%D0%BD%D1%96%D0%BF%D1%80%D0%BE%D0%BF%D0%B5%D1%82%D1%80%D0%BE%D0%B2%D1%89%D0%B8%D0%BD%D1%96+%D0%BE%D1%82%D1%80%D0%B8%D0%BC%D0%B0%D0%B2+%D0%BE%D0%B4%D0%B8%D0%BD+%D1%80%D1%96%D0%BA+%D1%82%D1%8E%D1%80%D0%BC%D0%B8&rft.date=2018-09-03&rft.aulast=Muracha&rft.aufirst=Ivan&rft_id=http%3A%2F%2Fdniprograd.org%2F2018%2F09%2F03%2Fregionalniy-koordinator-virusu-retya-na-dnipropetrovshchini-otrimav-odin-rik-tyurmi_70920&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-10"><span class="mw-cite-backlink"><b><a href="#cite_ref-10">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://court.gov.ua/archive/546734/">"Оголошено вирок у справі за фактами масштабних кібератак вірусу "PETYA"<span class="cs1-kern-right"></span>"</a>. Judiciary of Ukraine. 31 August 2018. <a rel="nofollow" class="external text" href="https://archive.today/20180907033205/https://court.gov.ua/archive/546734/">Archived</a> from the original on 7 September 2018<span class="reference-accessdate">. Retrieved <span class="nowrap">7 September</span> 2018</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=%D0%9E%D0%B3%D0%BE%D0%BB%D0%BE%D1%88%D0%B5%D0%BD%D0%BE+%D0%B2%D0%B8%D1%80%D0%BE%D0%BA+%D1%83+%D1%81%D0%BF%D1%80%D0%B0%D0%B2%D1%96+%D0%B7%D0%B0+%D1%84%D0%B0%D0%BA%D1%82%D0%B0%D0%BC%D0%B8+%D0%BC%D0%B0%D1%81%D1%88%D1%82%D0%B0%D0%B1%D0%BD%D0%B8%D1%85+%D0%BA%D1%96%D0%B1%D0%B5%D1%80%D0%B0%D1%82%D0%B0%D0%BA+%D0%B2%D1%96%D1%80%D1%83%D1%81%D1%83+%22PETYA%22&rft.pub=Judiciary+of+Ukraine&rft.date=2018-08-31&rft_id=https%3A%2F%2Fcourt.gov.ua%2Farchive%2F546734%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-BBCGlobalR-11"><span class="mw-cite-backlink">^ <a href="#cite_ref-BBCGlobalR_11-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-BBCGlobalR_11-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-BBCGlobalR_11-2"><sup><i><b>c</b></i></sup></a> <a href="#cite_ref-BBCGlobalR_11-3"><sup><i><b>d</b></i></sup></a> <a href="#cite_ref-BBCGlobalR_11-4"><sup><i><b>e</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.bbc.com/news/technology-40416611">"Global ransomware attack causes chaos"</a>. <i>BBC News</i>. 27 June 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170627135748/http://www.bbc.com/news/technology-40416611">Archived</a> from the original on 27 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">27 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=BBC+News&rft.atitle=Global+ransomware+attack+causes+chaos&rft.date=2017-06-27&rft_id=https%3A%2F%2Fwww.bbc.com%2Fnews%2Ftechnology-40416611&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-BloombergUkrRus-12"><span class="mw-cite-backlink">^ <a href="#cite_ref-BloombergUkrRus_12-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-BloombergUkrRus_12-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFTurnerVerbyanyKravchenko2017" class="citation web cs1">Turner, Giles; Verbyany, Volodymyr; Kravchenko, Stepan (27 June 2017). <a rel="nofollow" class="external text" href="https://www.bloomberg.com/news/articles/2017-06-27/ukraine-russia-report-ransomware-computer-virus-attacks">"New Cyberattack Goes Global, Hits WPP, Rosneft, Maersk"</a>. <i>Bloomberg</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20191105134354/https://www.bloomberg.com/news/articles/2017-06-27/ukraine-russia-report-ransomware-computer-virus-attacks">Archived</a> from the original on 5 November 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">27 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Bloomberg&rft.atitle=New+Cyberattack+Goes+Global%2C+Hits+WPP%2C+Rosneft%2C+Maersk&rft.date=2017-06-27&rft.aulast=Turner&rft.aufirst=Giles&rft.au=Verbyany%2C+Volodymyr&rft.au=Kravchenko%2C+Stepan&rft_id=https%3A%2F%2Fwww.bloomberg.com%2Fnews%2Farticles%2F2017-06-27%2Fukraine-russia-report-ransomware-computer-virus-attacks&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-BBCUkr80-13"><span class="mw-cite-backlink">^ <a href="#cite_ref-BBCUkr80_13-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-BBCUkr80_13-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-BBCUkr80_13-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWakefield2017" class="citation news cs1">Wakefield, Jane (28 June 2017). <a rel="nofollow" class="external text" href="https://www.bbc.com/news/technology-40428967">"Tax software blamed for cyber-attack spread"</a>. <i>BBC News</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170628134132/http://www.bbc.com/news/technology-40428967">Archived</a> from the original on 28 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">28 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=BBC+News&rft.atitle=Tax+software+blamed+for+cyber-attack+spread&rft.date=2017-06-28&rft.aulast=Wakefield&rft.aufirst=Jane&rft_id=https%3A%2F%2Fwww.bbc.com%2Fnews%2Ftechnology-40428967&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-NYTcfU-14"><span class="mw-cite-backlink"><b><a href="#cite_ref-NYTcfU_14-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPerlrothScottFrenkel2017" class="citation news cs1">Perlroth, Nicole; Scott, Mark; Frenkel, Sheera (27 June 2017). <span class="id-lock-subscription" title="Paid subscription required"><a rel="nofollow" class="external text" href="https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html">"Cyberattack Hits Ukraine Then Spreads Internationally"</a></span>. <i><a href="/wiki/The_New_York_Times" title="The New York Times">The New York Times</a></i>. <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/ProQuest" title="ProQuest">ProQuest</a> <a rel="nofollow" class="external text" href="https://www.proquest.com/docview/1913883917">1913883917</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180413005050/https://mobile.nytimes.com/2017/06/27/technology/ransomware-hackers.html">Archived</a> from the original on 13 April 2018<span class="reference-accessdate">. Retrieved <span class="nowrap">24 March</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+New+York+Times&rft.atitle=Cyberattack+Hits+Ukraine+Then+Spreads+Internationally&rft.date=2017-06-27&rft.aulast=Perlroth&rft.aufirst=Nicole&rft.au=Scott%2C+Mark&rft.au=Frenkel%2C+Sheera&rft_id=https%3A%2F%2Fwww.nytimes.com%2F2017%2F06%2F27%2Ftechnology%2Fransomware-hackers.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-BBCUkraineR-15"><span class="mw-cite-backlink"><b><a href="#cite_ref-BBCUkraineR_15-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLee2017" class="citation news cs1">Lee, David (28 June 2017). <a rel="nofollow" class="external text" href="https://www.bbc.com/news/technology-40427907">"<span class="cs1-kern-left"></span>'Vaccine' created for huge cyber-attack"</a>. <i>BBC News</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170628072258/http://www.bbc.com/news/technology-40427907">Archived</a> from the original on 28 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">28 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=BBC+News&rft.atitle=%27Vaccine%27+created+for+huge+cyber-attack&rft.date=2017-06-28&rft.aulast=Lee&rft.aufirst=David&rft_id=https%3A%2F%2Fwww.bbc.com%2Fnews%2Ftechnology-40427907&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-16"><span class="mw-cite-backlink"><b><a href="#cite_ref-16">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFНаталія2018" class="citation news cs1">Наталія, Патрікєєва (3 July 2018). <a rel="nofollow" class="external text" href="https://www.radiosvoboda.org/a/29336511.html">"Рік після атаки вірусу Petya: що змінилося в кібербезпеці України"</a>. <i>radiosvoboda.org</i><span class="reference-accessdate">. Retrieved <span class="nowrap">28 March</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=radiosvoboda.org&rft.atitle=%D0%A0%D1%96%D0%BA+%D0%BF%D1%96%D1%81%D0%BB%D1%8F+%D0%B0%D1%82%D0%B0%D0%BA%D0%B8+%D0%B2%D1%96%D1%80%D1%83%D1%81%D1%83+Petya%3A+%D1%89%D0%BE+%D0%B7%D0%BC%D1%96%D0%BD%D0%B8%D0%BB%D0%BE%D1%81%D1%8F+%D0%B2+%D0%BA%D1%96%D0%B1%D0%B5%D1%80%D0%B1%D0%B5%D0%B7%D0%BF%D0%B5%D1%86%D1%96+%D0%A3%D0%BA%D1%80%D0%B0%D1%97%D0%BD%D0%B8&rft.date=2018-07-03&rft.aulast=%D0%9D%D0%B0%D1%82%D0%B0%D0%BB%D1%96%D1%8F&rft.aufirst=%D0%9F%D0%B0%D1%82%D1%80%D1%96%D0%BA%D1%94%D1%94%D0%B2%D0%B0&rft_id=https%3A%2F%2Fwww.radiosvoboda.org%2Fa%2F29336511.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-17"><span class="mw-cite-backlink"><b><a href="#cite_ref-17">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBurgess" class="citation magazine cs1">Burgess, Matt. <a rel="nofollow" class="external text" href="https://www.wired.co.uk/article/petya-malware-ransomware-attack-outbreak-june-2017">"There's another 'worldwide' ransomware attack and it's spreading quickly"</a>. <i>Wired UK</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20171231121401/http://www.wired.co.uk/article/petya-malware-ransomware-attack-outbreak-june-2017">Archived</a> from the original on 31 December 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">27 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Wired+UK&rft.atitle=There%27s+another+%27worldwide%27+ransomware+attack+and+it%27s+spreading+quickly&rft.aulast=Burgess&rft.aufirst=Matt&rft_id=https%3A%2F%2Fwww.wired.co.uk%2Farticle%2Fpetya-malware-ransomware-attack-outbreak-june-2017&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-bloomberg-medoc-18"><span class="mw-cite-backlink">^ <a href="#cite_ref-bloomberg-medoc_18-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-bloomberg-medoc_18-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFTurnerAl_Ali2017" class="citation news cs1">Turner, Giles; Al Ali, Nour (28 June 2017). <span class="id-lock-subscription" title="Paid subscription required"><a rel="nofollow" class="external text" href="https://www.bloomberg.com/news/articles/2017-06-28/microsoft-analysts-see-hack-origin-at-ukrainian-software-firm">"Microsoft, Analysts See Hack Origin at Ukrainian Software Firm"</a></span>. Bloomberg. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170628132925/https://www.bloomberg.com/news/articles/2017-06-28/microsoft-analysts-see-hack-origin-at-ukrainian-software-firm">Archived</a> from the original on 28 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">1 July</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Microsoft%2C+Analysts+See+Hack+Origin+at+Ukrainian+Software+Firm&rft.date=2017-06-28&rft.aulast=Turner&rft.aufirst=Giles&rft.au=Al+Ali%2C+Nour&rft_id=https%3A%2F%2Fwww.bloomberg.com%2Fnews%2Farticles%2F2017-06-28%2Fmicrosoft-analysts-see-hack-origin-at-ukrainian-software-firm&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-reuters-20170703-19"><span class="mw-cite-backlink"><b><a href="#cite_ref-reuters-20170703_19-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFStubbsPolityuk2017" class="citation news cs1">Stubbs, Jack; Polityuk, Pavel (3 July 2017). <a rel="nofollow" class="external text" href="https://www.reuters.com/article/us-cyber-attack-ukraine-software-idUSKBN19O2DK">"Family firm in Ukraine says it was not responsible for cyber attack"</a>. <i>Reuters</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170704214423/http://www.reuters.com/article/us-cyber-attack-ukraine-software-idUSKBN19O2DK">Archived</a> from the original on 4 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">5 July</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Reuters&rft.atitle=Family+firm+in+Ukraine+says+it+was+not+responsible+for+cyber+attack&rft.date=2017-07-03&rft.aulast=Stubbs&rft.aufirst=Jack&rft.au=Polityuk%2C+Pavel&rft_id=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-attack-ukraine-software-idUSKBN19O2DK&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-ars-backdoormedoc-20"><span class="mw-cite-backlink">^ <a href="#cite_ref-ars-backdoormedoc_20-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-ars-backdoormedoc_20-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-ars-backdoormedoc_20-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHern2017" class="citation news cs1">Hern, Alex (5 July 2017). <a rel="nofollow" class="external text" href="https://www.theguardian.com/technology/2017/jul/05/notpetya-ransomware-hackers-ukraine-bitcoin-ransom-wallet-motives">"Hackers who targeted Ukraine clean out bitcoin ransom wallet"</a>. <i>The Guardian</i>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/0261-3077">0261-3077</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170710042625/https://www.theguardian.com/technology/2017/jul/05/notpetya-ransomware-hackers-ukraine-bitcoin-ransom-wallet-motives">Archived</a> from the original on 10 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">10 July</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Guardian&rft.atitle=Hackers+who+targeted+Ukraine+clean+out+bitcoin+ransom+wallet&rft.date=2017-07-05&rft.issn=0261-3077&rft.aulast=Hern&rft.aufirst=Alex&rft_id=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2017%2Fjul%2F05%2Fnotpetya-ransomware-hackers-ukraine-bitcoin-ransom-wallet-motives&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-ars-medoc-21"><span class="mw-cite-backlink"><b><a href="#cite_ref-ars-medoc_21-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2017" class="citation news cs1">Goodin, Dan (27 June 2017). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/2017/06/a-new-ransomware-outbreak-similar-to-wcry-is-shutting-down-computers-worldwide/">"A new ransomware outbreak similar to WCry is shutting down computers worldwide"</a>. <i>Ars Technica</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170630163331/https://arstechnica.com/security/2017/06/a-new-ransomware-outbreak-similar-to-wcry-is-shutting-down-computers-worldwide/">Archived</a> from the original on 30 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">1 July</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Ars+Technica&rft.atitle=A+new+ransomware+outbreak+similar+to+WCry+is+shutting+down+computers+worldwide&rft.date=2017-06-27&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2017%2F06%2Fa-new-ransomware-outbreak-similar-to-wcry-is-shutting-down-computers-worldwide%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-22"><span class="mw-cite-backlink"><b><a href="#cite_ref-22">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFFrenkel2017" class="citation news cs1">Frenkel, Sheera (27 June 2017). <span class="id-lock-subscription" title="Paid subscription required"><a rel="nofollow" class="external text" href="https://www.nytimes.com/2017/06/27/technology/global-ransomware-hack-what-we-know-and-dont-know.html">"Global Ransomware Attack: What We Know and Don't Know"</a></span>. <i><a href="/wiki/The_New_York_Times" title="The New York Times">The New York Times</a></i>. <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/ProQuest" title="ProQuest">ProQuest</a> <a rel="nofollow" class="external text" href="https://www.proquest.com/docview/1914424259">1914424259</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170627204742/https://www.nytimes.com/2017/06/27/technology/global-ransomware-hack-what-we-know-and-dont-know.html">Archived</a> from the original on 27 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">28 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+New+York+Times&rft.atitle=Global+Ransomware+Attack%3A+What+We+Know+and+Don%27t+Know&rft.date=2017-06-27&rft.aulast=Frenkel&rft.aufirst=Sheera&rft_id=https%3A%2F%2Fwww.nytimes.com%2F2017%2F06%2F27%2Ftechnology%2Fglobal-ransomware-hack-what-we-know-and-dont-know.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-abcau-medocseized-23"><span class="mw-cite-backlink">^ <a href="#cite_ref-abcau-medocseized_23-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-abcau-medocseized_23-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="http://www.abc.net.au/news/2017-07-03/cyber-attack-charge-ukarine/8675006">"Ukrainian software company will face charges over cyber attack, police suggest"</a>. <i><a href="/wiki/ABC_News_(Australia)" title="ABC News (Australia)">ABC News Australia</a></i>. AP. 3 July 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170710171330/http://www.abc.net.au/news/2017-07-03/cyber-attack-charge-ukarine/8675006">Archived</a> from the original on 10 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">10 July</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ABC+News+Australia&rft.atitle=Ukrainian+software+company+will+face+charges+over+cyber+attack%2C+police+suggest&rft.date=2017-07-03&rft_id=http%3A%2F%2Fwww.abc.net.au%2Fnews%2F2017-07-03%2Fcyber-attack-charge-ukarine%2F8675006&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-24"><span class="mw-cite-backlink"><b><a href="#cite_ref-24">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2017" class="citation news cs1">Goodin, Dan (5 July 2017). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/2017/07/heavily-armed-police-raid-company-that-seeded-last-weeks-notpetya-outbreak/">"Backdoor built in to widely used tax app seeded last week's NotPetya outbreak"</a>. <i>Ars Technica</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170708200235/https://arstechnica.com/security/2017/07/heavily-armed-police-raid-company-that-seeded-last-weeks-notpetya-outbreak/">Archived</a> from the original on 8 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">10 July</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Ars+Technica&rft.atitle=Backdoor+built+in+to+widely+used+tax+app+seeded+last+week%27s+NotPetya+outbreak&rft.date=2017-07-05&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2017%2F07%2Fheavily-armed-police-raid-company-that-seeded-last-weeks-notpetya-outbreak%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-reuters-20170705-25"><span class="mw-cite-backlink"><b><a href="#cite_ref-reuters-20170705_25-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFStubbsWilliams2017" class="citation news cs1">Stubbs, Jack; Williams, Matthias (5 July 2017). <a rel="nofollow" class="external text" href="https://www.reuters.com/article/us-cyber-attack-ukraine-backdoor-idUSKBN19Q14P">"Ukraine scrambles to contain new cyber threat after 'NotPetya' attack"</a>. <i>Reuters</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170707004025/http://www.reuters.com/article/us-cyber-attack-ukraine-backdoor-idUSKBN19Q14P">Archived</a> from the original on 7 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">7 July</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Reuters&rft.atitle=Ukraine+scrambles+to+contain+new+cyber+threat+after+%27NotPetya%27+attack&rft.date=2017-07-05&rft.aulast=Stubbs&rft.aufirst=Jack&rft.au=Williams%2C+Matthias&rft_id=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-attack-ukraine-backdoor-idUSKBN19Q14P&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-26"><span class="mw-cite-backlink"><b><a href="#cite_ref-26">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://lb.ua/news/2017/07/20/371946_kardakov_predlozhil_sozdat.html">"Кардаков запропонував створити громадянську кібероборону"</a>. <i>lb.ua</i>. 20 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">28 March</span> 2024</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=lb.ua&rft.atitle=%D0%9A%D0%B0%D1%80%D0%B4%D0%B0%D0%BA%D0%BE%D0%B2+%D0%B7%D0%B0%D0%BF%D1%80%D0%BE%D0%BF%D0%BE%D0%BD%D1%83%D0%B2%D0%B0%D0%B2+%D1%81%D1%82%D0%B2%D0%BE%D1%80%D0%B8%D1%82%D0%B8+%D0%B3%D1%80%D0%BE%D0%BC%D0%B0%D0%B4%D1%8F%D0%BD%D1%81%D1%8C%D0%BA%D1%83+%D0%BA%D1%96%D0%B1%D0%B5%D1%80%D0%BE%D0%B1%D0%BE%D1%80%D0%BE%D0%BD%D1%83&rft.date=2017-07-20&rft_id=https%3A%2F%2Flb.ua%2Fnews%2F2017%2F07%2F20%2F371946_kardakov_predlozhil_sozdat.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-27"><span class="mw-cite-backlink"><b><a href="#cite_ref-27">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.kaspersky.com/new-ransomware-epidemics/17314/">"New ransomware outbreak"</a>. <i>Kaspersky Blog</i>. Kaspersky Lab. 27 June 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170627223413/https://blog.kaspersky.com/new-ransomware-epidemics/17314/">Archived</a> from the original on 27 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">27 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Kaspersky+Blog&rft.atitle=New+ransomware+outbreak&rft.date=2017-06-27&rft_id=https%3A%2F%2Fblog.kaspersky.com%2Fnew-ransomware-epidemics%2F17314%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-verge-notpetya-28"><span class="mw-cite-backlink">^ <a href="#cite_ref-verge-notpetya_28-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-verge-notpetya_28-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-verge-notpetya_28-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBrandom2017" class="citation web cs1">Brandom, Russell (27 June 2017). <a rel="nofollow" class="external text" href="https://www.theverge.com/2017/6/27/15879480/petrwrap-virus-ukraine-ransomware-attack-europe-wannacry">"A new ransomware attack is hitting airlines, banks and utilities across Europe"</a>. <i>The Verge</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170702061820/https://www.theverge.com/2017/6/27/15879480/petrwrap-virus-ukraine-ransomware-attack-europe-wannacry">Archived</a> from the original on 2 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">27 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Verge&rft.atitle=A+new+ransomware+attack+is+hitting+airlines%2C+banks+and+utilities+across+Europe&rft.date=2017-06-27&rft.aulast=Brandom&rft.aufirst=Russell&rft_id=https%3A%2F%2Fwww.theverge.com%2F2017%2F6%2F27%2F15879480%2Fpetrwrap-virus-ukraine-ransomware-attack-europe-wannacry&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-29"><span class="mw-cite-backlink"><b><a href="#cite_ref-29">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.us-cert.gov/sites/default/files/publications/MIFR-10130295.pdf">"MIFR-10130295"</a> <span class="cs1-format">(PDF)</span>. <i>United States Computer Emergency Response Team</i>. 30 June 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170815023411/https://www.us-cert.gov/sites/default/files/publications/MIFR-10130295.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 15 August 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">22 July</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=United+States+Computer+Emergency+Response+Team&rft.atitle=MIFR-10130295&rft.date=2017-06-30&rft_id=https%3A%2F%2Fwww.us-cert.gov%2Fsites%2Fdefault%2Ffiles%2Fpublications%2FMIFR-10130295.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-ars-eternalblue-30"><span class="mw-cite-backlink"><b><a href="#cite_ref-ars-eternalblue_30-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoddin2017" class="citation web cs1">Goddin, Dan (14 April 2017). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/">"NSA-leaking Shadow Brokers just dumped its most damaging release yet"</a>. <i><a href="/wiki/Ars_Technica" title="Ars Technica">Ars Technica</a></i>. p. 1. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170513050743/https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/">Archived</a> from the original on 13 May 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">13 May</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=NSA-leaking+Shadow+Brokers+just+dumped+its+most+damaging+release+yet&rft.pages=1&rft.date=2017-04-14&rft.aulast=Goddin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2017%2F04%2Fnsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-31"><span class="mw-cite-backlink"><b><a href="#cite_ref-31">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFThomson2017" class="citation web cs1">Thomson, Iain (28 June 2017). <a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware/">"Everything you need to know about the Petya, er, NotPetya nasty trashing PCs worldwide"</a>. <i>The Register</i>. San Francisco. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190712224556/https://www.theregister.co.uk/2017/06/28/petya_notpetya_ransomware">Archived</a> from the original on 12 July 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">31 July</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Register&rft.atitle=Everything+you+need+to+know+about+the+Petya%2C+er%2C+NotPetya+nasty+trashing+PCs+worldwide&rft.date=2017-06-28&rft.aulast=Thomson&rft.aufirst=Iain&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2017%2F06%2F28%2Fpetya_notpetya_ransomware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-ecot-32"><span class="mw-cite-backlink"><b><a href="#cite_ref-ecot_32-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="http://economictimes.indiatimes.com/tech/internet/india-worst-hit-by-petya-in-apac-7th-globally-symantec/articleshow/59367013.cms">"India worst hit by Petya in APAC, 7th globally: Symantec"</a>. <i>The Economic Times</i>. 29 June 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170629233200/http://economictimes.indiatimes.com/tech/internet/india-worst-hit-by-petya-in-apac-7th-globally-symantec/articleshow/59367013.cms">Archived</a> from the original on 29 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Economic+Times&rft.atitle=India+worst+hit+by+Petya+in+APAC%2C+7th+globally%3A+Symantec&rft.date=2017-06-29&rft_id=http%3A%2F%2Feconomictimes.indiatimes.com%2Ftech%2Finternet%2Findia-worst-hit-by-petya-in-apac-7th-globally-symantec%2Farticleshow%2F59367013.cms&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-33"><span class="mw-cite-backlink"><b><a href="#cite_ref-33">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCimpanu2017" class="citation web cs1">Cimpanu, Catalin (27 June 2017). <a rel="nofollow" class="external text" href="https://www.bleepingcomputer.com/news/security/petya-ransomware-outbreak-originated-in-ukraine-via-tainted-accounting-software/">"Petya Ransomware Outbreak Originated in Ukraine via Tainted Accounting Software"</a>. BleepingComputer. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170628043836/https://www.bleepingcomputer.com/news/security/petya-ransomware-outbreak-originated-in-ukraine-via-tainted-accounting-software/">Archived</a> from the original on 28 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Petya+Ransomware+Outbreak+Originated+in+Ukraine+via+Tainted+Accounting+Software&rft.pub=BleepingComputer&rft.date=2017-06-27&rft.aulast=Cimpanu&rft.aufirst=Catalin&rft_id=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fpetya-ransomware-outbreak-originated-in-ukraine-via-tainted-accounting-software%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-techc-34"><span class="mw-cite-backlink">^ <a href="#cite_ref-techc_34-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-techc_34-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHatmaker2017" class="citation web cs1">Hatmaker, Taylor (28 June 2017). <a rel="nofollow" class="external text" href="https://techcrunch.com/2017/06/28/ted-lieu-petya-notpetya-no-kill-switch/">"In aftermath of Petya, congressman asks NSA to stop the attack if it knows how"</a>. <i><a href="/wiki/Techcrunch" class="mw-redirect" title="Techcrunch">Techcrunch</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170629064634/https://techcrunch.com/2017/06/28/ted-lieu-petya-notpetya-no-kill-switch/">Archived</a> from the original on 29 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Techcrunch&rft.atitle=In+aftermath+of+Petya%2C+congressman+asks+NSA+to+stop+the+attack+if+it+knows+how&rft.date=2017-06-28&rft.aulast=Hatmaker&rft.aufirst=Taylor&rft_id=https%3A%2F%2Ftechcrunch.com%2F2017%2F06%2F28%2Fted-lieu-petya-notpetya-no-kill-switch%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-35"><span class="mw-cite-backlink"><b><a href="#cite_ref-35">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSuiche2017" class="citation news cs1">Suiche, Matt (28 June 2017). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170628174240/https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b">"Petya.2017 is a wiper not a ransomware"</a>. <i>Comae Technologies</i>. Archived from <a rel="nofollow" class="external text" href="https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b">the original</a> on 28 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Comae+Technologies&rft.atitle=Petya.2017+is+a+wiper+not+a+ransomware&rft.date=2017-06-28&rft.aulast=Suiche&rft.aufirst=Matt&rft_id=https%3A%2F%2Fblog.comae.io%2Fpetya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-verge-toolate-36"><span class="mw-cite-backlink">^ <a href="#cite_ref-verge-toolate_36-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-verge-toolate_36-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBrandom2017" class="citation web cs1">Brandom, Russell (27 June 2017). <a rel="nofollow" class="external text" href="https://www.theverge.com/2017/6/27/15881110/petya-notpetya-paying-ransom-email-blocked-ransomware">"It's already too late for today's ransomware victims to pay up and save their computers"</a>. <i>The Verge</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170627220224/https://www.theverge.com/2017/6/27/15881110/petya-notpetya-paying-ransom-email-blocked-ransomware">Archived</a> from the original on 27 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">28 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Verge&rft.atitle=It%27s+already+too+late+for+today%27s+ransomware+victims+to+pay+up+and+save+their+computers&rft.date=2017-06-27&rft.aulast=Brandom&rft.aufirst=Russell&rft_id=https%3A%2F%2Fwww.theverge.com%2F2017%2F6%2F27%2F15881110%2Fpetya-notpetya-paying-ransom-email-blocked-ransomware&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-ars-wiper-37"><span class="mw-cite-backlink"><b><a href="#cite_ref-ars-wiper_37-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2017" class="citation web cs1">Goodin, Dan (28 June 2017). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/2017/06/petya-outbreak-was-a-chaos-sowing-wiper-not-profit-seeking-ransomware/">"Tuesday's massive ransomware outbreak was, in fact, something much worse"</a>. <i>Ars Technica</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170717073820/https://arstechnica.com/security/2017/06/petya-outbreak-was-a-chaos-sowing-wiper-not-profit-seeking-ransomware/">Archived</a> from the original on 17 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">28 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=Tuesday%27s+massive+ransomware+outbreak+was%2C+in+fact%2C+something+much+worse&rft.date=2017-06-28&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2017%2F06%2Fpetya-outbreak-was-a-chaos-sowing-wiper-not-profit-seeking-ransomware%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-BBCPMdc-38"><span class="mw-cite-backlink"><b><a href="#cite_ref-BBCPMdc_38-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.bbc.com/news/technology-40442578">"Cyber-attack was about data and not money, say experts"</a>. <i>BBC News</i>. 29 June 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170629125348/http://www.bbc.com/news/technology-40442578">Archived</a> from the original on 29 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=BBC+News&rft.atitle=Cyber-attack+was+about+data+and+not+money%2C+say+experts&rft.date=2017-06-29&rft_id=https%3A%2F%2Fwww.bbc.com%2Fnews%2Ftechnology-40442578&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-39"><span class="mw-cite-backlink"><b><a href="#cite_ref-39">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSolonHern2017" class="citation web cs1">Solon, Olivia; Hern, Alex (28 June 2017). <a rel="nofollow" class="external text" href="https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how">"<span class="cs1-kern-left"></span>'Petya' ransomware attack: what is it and how can it be stopped?"</a>. <i>The Guardian</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190530151733/https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how">Archived</a> from the original on 30 May 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Guardian&rft.atitle=%27Petya%27+ransomware+attack%3A+what+is+it+and+how+can+it+be+stopped%3F&rft.date=2017-06-28&rft.aulast=Solon&rft.aufirst=Olivia&rft.au=Hern%2C+Alex&rft_id=https%3A%2F%2Fwww.theguardian.com%2Ftechnology%2F2017%2Fjun%2F27%2Fpetya-ransomware-cyber-attack-who-what-why-how&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-40"><span class="mw-cite-backlink"><b><a href="#cite_ref-40">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCimpanu2017" class="citation news cs1">Cimpanu, Catalin (27 June 2017). <a rel="nofollow" class="external text" href="https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/">"Vaccine, not Killswitch, Found for Petya (NotPetya) Ransomware Outbreak"</a>. <i>Bleeping Computer</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170713162416/https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/">Archived</a> from the original on 13 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Bleeping+Computer&rft.atitle=Vaccine%2C+not+Killswitch%2C+Found+for+Petya+%28NotPetya%29+Ransomware+Outbreak&rft.date=2017-06-27&rft.aulast=Cimpanu&rft.aufirst=Catalin&rft_id=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fvaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-41"><span class="mw-cite-backlink"><b><a href="#cite_ref-41">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRogers2017" class="citation web cs1">Rogers, James (28 June 2017). <a rel="nofollow" class="external text" href="https://www.foxnews.com/tech/petya-ransomware-experts-tout-vaccine-to-protect-computers-from-crippling-cyber-attack">"Petya ransomware: Experts tout 'vaccine' to protect computers from crippling cyber attack"</a>. <i>Fox News</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170628174320/http://www.foxnews.com/tech/2017/06/28/petya-ransomware-experts-tout-vaccine-to-protect-computers-from-crippling-cyber-attack.html">Archived</a> from the original on 28 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Fox+News&rft.atitle=Petya+ransomware%3A+Experts+tout+%27vaccine%27+to+protect+computers+from+crippling+cyber+attack&rft.date=2017-06-28&rft.aulast=Rogers&rft.aufirst=James&rft_id=https%3A%2F%2Fwww.foxnews.com%2Ftech%2Fpetya-ransomware-experts-tout-vaccine-to-protect-computers-from-crippling-cyber-attack&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-42"><span class="mw-cite-backlink"><b><a href="#cite_ref-42">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMcGoogan2017" class="citation news cs1">McGoogan, Cara (28 June 2017). <a rel="nofollow" class="external text" href="https://www.telegraph.co.uk/technology/2017/06/28/security-researcher-creates-vaccine-against-ransomware-attack/">"Security researcher creates 'vaccine' against ransomware attack"</a>. <i>The Telegraph</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170628203500/http://www.telegraph.co.uk/technology/2017/06/28/security-researcher-creates-vaccine-against-ransomware-attack/">Archived</a> from the original on 28 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Telegraph&rft.atitle=Security+researcher+creates+%27vaccine%27+against+ransomware+attack&rft.date=2017-06-28&rft.aulast=McGoogan&rft.aufirst=Cara&rft_id=https%3A%2F%2Fwww.telegraph.co.uk%2Ftechnology%2F2017%2F06%2F28%2Fsecurity-researcher-creates-vaccine-against-ransomware-attack%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-43"><span class="mw-cite-backlink"><b><a href="#cite_ref-43">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLee2017" class="citation web cs1">Lee, Dave (28 June 2017). <a rel="nofollow" class="external text" href="https://www.bbc.co.uk/news/technology-40427907">"<span class="cs1-kern-left"></span>'Vaccine' created for huge cyber-attack"</a>. <i>BBC News</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170628224752/http://www.bbc.co.uk/news/technology-40427907">Archived</a> from the original on 28 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=BBC+News&rft.atitle=%27Vaccine%27+created+for+huge+cyber-attack&rft.date=2017-06-28&rft.aulast=Lee&rft.aufirst=Dave&rft_id=https%3A%2F%2Fwww.bbc.co.uk%2Fnews%2Ftechnology-40427907&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-44"><span class="mw-cite-backlink"><b><a href="#cite_ref-44">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFmikko2017" class="citation web cs1">@mikko (28 June 2017). <a rel="nofollow" class="external text" href="https://x.com/mikko/status/880036070267772929">"Victims keep sending money to Petya, but will not get their files back: No way to contact the attackers, as their email address was killed"</a> (<a href="/wiki/Tweet_(social_media)" title="Tweet (social media)">Tweet</a>) – via <a href="/wiki/Twitter" title="Twitter">Twitter</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Victims+keep+sending+money+to+Petya%2C+but+will+not+get+their+files+back%3A+No+way+to+contact+the+attackers%2C+as+their+email+address+was+killed.&rft.date=2017-06-28&rft.au=mikko&rft_id=https%3A%2F%2Fx.com%2Fmikko%2Fstatus%2F880036070267772929&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-45"><span class="mw-cite-backlink"><b><a href="#cite_ref-45">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.alertlogic.com/blog/emergent-petrwrap-variant-analyzed-internet-propagation-and-recovery-of-non-ntfs-victims/">"Analyzed: Internet Propagation and Recovery of Non-NTFS Victims"</a>. <i>Alert Logic</i>. Fortra. 26 July 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20200720102333/https://blog.alertlogic.com/blog/emergent-petrwrap-variant-analyzed-internet-propagation-and-recovery-of-non-ntfs-victims/">Archived</a> from the original on 20 July 2020<span class="reference-accessdate">. Retrieved <span class="nowrap">20 July</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Alert+Logic&rft.atitle=Analyzed%3A+Internet+Propagation+and+Recovery+of+Non-NTFS+Victims&rft.date=2017-07-26&rft_id=https%3A%2F%2Fblog.alertlogic.com%2Fblog%2Femergent-petrwrap-variant-analyzed-internet-propagation-and-recovery-of-non-ntfs-victims%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-6facts-46"><span class="mw-cite-backlink">^ <a href="#cite_ref-6facts_46-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-6facts_46-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWhittaker2017" class="citation news cs1">Whittaker, Zack (27 June 2017). <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/six-quick-facts-june-global-ransomware-cyberattack/">"Six quick facts to know about today's global ransomware attack"</a>. <i>ZDNet</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170629033442/http://www.zdnet.com/article/six-quick-facts-june-global-ransomware-cyberattack/">Archived</a> from the original on 29 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ZDNet&rft.atitle=Six+quick+facts+to+know+about+today%27s+global+ransomware+attack&rft.date=2017-06-27&rft.aulast=Whittaker&rft.aufirst=Zack&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fsix-quick-facts-june-global-ransomware-cyberattack%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-verge-unsupported-47"><span class="mw-cite-backlink"><b><a href="#cite_ref-verge-unsupported_47-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWarren2017" class="citation web cs1">Warren, Tom (13 May 2017). <a rel="nofollow" class="external text" href="https://www.theverge.com/2017/5/13/15635006/microsoft-windows-xp-security-patch-wannacry-ransomware-attack">"Microsoft issues 'highly unusual' Windows XP patch to prevent massive ransomware attack"</a>. <i><a href="/wiki/The_Verge" title="The Verge">The Verge</a></i>. <a href="/wiki/Vox_Media" title="Vox Media">Vox Media</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170514023327/https://www.theverge.com/2017/5/13/15635006/microsoft-windows-xp-security-patch-wannacry-ransomware-attack">Archived</a> from the original on 14 May 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">13 May</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Verge&rft.atitle=Microsoft+issues+%27highly+unusual%27+Windows+XP+patch+to+prevent+massive+ransomware+attack&rft.date=2017-05-13&rft.aulast=Warren&rft.aufirst=Tom&rft_id=https%3A%2F%2Fwww.theverge.com%2F2017%2F5%2F13%2F15635006%2Fmicrosoft-windows-xp-security-patch-wannacry-ransomware-attack&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-48"><span class="mw-cite-backlink"><b><a href="#cite_ref-48">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNewman2017" class="citation magazine cs1">Newman, Lily Hay (27 June 2017). <a rel="nofollow" class="external text" href="https://www.wired.com/story/petya-ransomware-outbreak-eternal-blue/">"A Scary New Ransomware Outbreak Uses WannaCry's Old Tricks"</a>. <i>Wired</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170627224357/https://www.wired.com/story/petya-ransomware-outbreak-eternal-blue/">Archived</a> from the original on 27 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Wired&rft.atitle=A+Scary+New+Ransomware+Outbreak+Uses+WannaCry%27s+Old+Tricks&rft.date=2017-06-27&rft.aulast=Newman&rft.aufirst=Lily+Hay&rft_id=https%3A%2F%2Fwww.wired.com%2Fstory%2Fpetya-ransomware-outbreak-eternal-blue%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-Wired_2018-49"><span class="mw-cite-backlink">^ <a href="#cite_ref-Wired_2018_49-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-Wired_2018_49-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGreenburg2018" class="citation magazine cs1">Greenburg, Andy (22 August 2018). <a rel="nofollow" class="external text" href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">"The Untold Story of NotPetya, the Most Devastating Cyberattack in History"</a>. <i>Wired</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180822200418/https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">Archived</a> from the original on 22 August 2018<span class="reference-accessdate">. Retrieved <span class="nowrap">1 September</span> 2018</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Wired&rft.atitle=The+Untold+Story+of+NotPetya%2C+the+Most+Devastating+Cyberattack+in+History&rft.date=2018-08-22&rft.aulast=Greenburg&rft.aufirst=Andy&rft_id=https%3A%2F%2Fwww.wired.com%2Fstory%2Fnotpetya-cyberattack-ukraine-russia-code-crashed-the-world%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-50"><span class="mw-cite-backlink"><b><a href="#cite_ref-50">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGriffin2017" class="citation news cs1">Griffin, Andrew (27 June 2017). <span class="id-lock-subscription" title="Paid subscription required"><a rel="nofollow" class="external text" href="https://www.independent.co.uk/news/world/europe/chernobyl-ukraine-petya-cyber-attack-hack-nuclear-power-plant-danger-latest-a7810941.html">"Chernobyl's radiation monitoring system has been hit by the worldwide cyber attack"</a></span>. <i>The Independent</i>. <a rel="nofollow" class="external text" href="https://ghostarchive.org/archive/20220526/https://www.independent.co.uk/news/world/europe/chernobyl-ukraine-petya-cyber-attack-hack-nuclear-power-plant-danger-latest-a7810941.html">Archived</a> from the original on 26 May 2022<span class="reference-accessdate">. Retrieved <span class="nowrap">27 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Independent&rft.atitle=Chernobyl%27s+radiation+monitoring+system+has+been+hit+by+the+worldwide+cyber+attack&rft.date=2017-06-27&rft.aulast=Griffin&rft.aufirst=Andrew&rft_id=https%3A%2F%2Fwww.independent.co.uk%2Fnews%2Fworld%2Feurope%2Fchernobyl-ukraine-petya-cyber-attack-hack-nuclear-power-plant-danger-latest-a7810941.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-NYTRan-51"><span class="mw-cite-backlink">^ <a href="#cite_ref-NYTRan_51-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-NYTRan_51-1"><sup><i><b>b</b></i></sup></a> <a href="#cite_ref-NYTRan_51-2"><sup><i><b>c</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFScottPerlroth2017" class="citation news cs1">Scott, Mark; Perlroth, Nicole (27 June 2017). <a rel="nofollow" class="external text" href="https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html">"New Cyberattack Spreads in Europe, Russia and U.S."</a> <i>The New York Times</i>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/0362-4331">0362-4331</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180413005050/https://mobile.nytimes.com/2017/06/27/technology/ransomware-hackers.html">Archived</a> from the original on 13 April 2018<span class="reference-accessdate">. Retrieved <span class="nowrap">27 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+New+York+Times&rft.atitle=New+Cyberattack+Spreads+in+Europe%2C+Russia+and+U.S.&rft.date=2017-06-27&rft.issn=0362-4331&rft.aulast=Scott&rft.aufirst=Mark&rft.au=Perlroth%2C+Nicole&rft_id=https%3A%2F%2Fwww.nytimes.com%2F2017%2F06%2F27%2Ftechnology%2Fransomware-hackers.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-52"><span class="mw-cite-backlink"><b><a href="#cite_ref-52">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFNg2018" class="citation news cs1">Ng, Alfred (15 February 2018). <a rel="nofollow" class="external text" href="https://www.cnet.com/news/privacy/uk-said-russia-is-behind-destructive-2017-cyberattack-in-ukraine/">"US, UK say Russia behind 'most destructive' cyberattack ever"</a>. <i>CNET</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220707075633/https://www.cnet.com/news/privacy/uk-said-russia-is-behind-destructive-2017-cyberattack-in-ukraine/">Archived</a> from the original on 7 July 2022<span class="reference-accessdate">. Retrieved <span class="nowrap">24 March</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=CNET&rft.atitle=US%2C+UK+say+Russia+behind+%27most+destructive%27+cyberattack+ever&rft.date=2018-02-15&rft.aulast=Ng&rft.aufirst=Alfred&rft_id=https%3A%2F%2Fwww.cnet.com%2Fnews%2Fprivacy%2Fuk-said-russia-is-behind-destructive-2017-cyberattack-in-ukraine%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-NPRCyber-53"><span class="mw-cite-backlink">^ <a href="#cite_ref-NPRCyber_53-0"><sup><i><b>a</b></i></sup></a> <a href="#cite_ref-NPRCyber_53-1"><sup><i><b>b</b></i></sup></a></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFChappellDwyer2017" class="citation news cs1">Chappell, Bill; Dwyer, Colin (27 June 2017). <a rel="nofollow" class="external text" href="https://www.npr.org/sections/thetwo-way/2017/06/27/534560169/large-cyberattack-hits-ukraine-snarling-electric-grids-and-airports">"<span class="cs1-kern-left"></span>'Petya' Cyberattack Cripples Ukraine, And Experts Say It's Spreading Globally"</a>. <i>The two way</i>. NPR. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170627162749/http://www.npr.org/sections/thetwo-way/2017/06/27/534560169/large-cyberattack-hits-ukraine-snarling-electric-grids-and-airports">Archived</a> from the original on 27 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">27 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+two+way&rft.atitle=%27Petya%27+Cyberattack+Cripples+Ukraine%2C+And+Experts+Say+It%27s+Spreading+Globally&rft.date=2017-06-27&rft.aulast=Chappell&rft.aufirst=Bill&rft.au=Dwyer%2C+Colin&rft_id=https%3A%2F%2Fwww.npr.org%2Fsections%2Fthetwo-way%2F2017%2F06%2F27%2F534560169%2Flarge-cyberattack-hits-ukraine-snarling-electric-grids-and-airports&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-54"><span class="mw-cite-backlink"><b><a href="#cite_ref-54">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.reuters.com/article/us-russia-rosneft-cyberattack-idUSKBN19I1N9">"Russia's Rosneft says hit by cyber attack, oil production unaffected"</a>. <i><a href="/wiki/Reuters" title="Reuters">Reuters</a></i>. 27 June 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170627172914/http://www.reuters.com/article/us-russia-rosneft-cyberattack-idUSKBN19I1N9">Archived</a> from the original on 27 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">28 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Reuters&rft.atitle=Russia%27s+Rosneft+says+hit+by+cyber+attack%2C+oil+production+unaffected&rft.date=2017-06-27&rft_id=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-russia-rosneft-cyberattack-idUSKBN19I1N9&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-Postimees-55"><span class="mw-cite-backlink"><b><a href="#cite_ref-Postimees_55-0">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRuuda2017" class="citation news cs1 cs1-prop-foreign-lang-source">Ruuda, Lennart (28 June 2017). <a rel="nofollow" class="external text" href="http://majandus24.postimees.ee/4160147/ehituse-abc-sulges-kuberrunnaku-tottu-koik-oma-poed">"Ehituse ABC sulges küberrünnaku tõttu kõik oma poed"</a> [Ehituse ABC closed all its stores because of cyberattack]. <i>Postimees</i> (in Estonian). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170628091030/http://majandus24.postimees.ee/4160147/ehituse-abc-sulges-kuberrunnaku-tottu-koik-oma-poed">Archived</a> from the original on 28 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">28 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Postimees&rft.atitle=Ehituse+ABC+sulges+k%C3%BCberr%C3%BCnnaku+t%C3%B5ttu+k%C3%B5ik+oma+poed&rft.date=2017-06-28&rft.aulast=Ruuda&rft.aufirst=Lennart&rft_id=http%3A%2F%2Fmajandus24.postimees.ee%2F4160147%2Fehituse-abc-sulges-kuberrunnaku-tottu-koik-oma-poed&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-56"><span class="mw-cite-backlink"><b><a href="#cite_ref-56">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFYeomans2017" class="citation news cs1">Yeomans, Jon (6 July 2017). <a rel="nofollow" class="external text" href="https://www.telegraph.co.uk/business/2017/07/06/dettol-maker-reckitt-benckiser-warns-revenue-will-hit-cleans/">"Dettol maker Reckitt Benckiser warns revenue will be hit as it cleans up Petya cyber attack"</a>. <i><a href="/wiki/The_Daily_Telegraph" title="The Daily Telegraph">The Telegraph</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170708163602/http://www.telegraph.co.uk/business/2017/07/06/dettol-maker-reckitt-benckiser-warns-revenue-will-hit-cleans/">Archived</a> from the original on 8 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">9 July</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Telegraph&rft.atitle=Dettol+maker+Reckitt+Benckiser+warns+revenue+will+be+hit+as+it+cleans+up+Petya+cyber+attack&rft.date=2017-07-06&rft.aulast=Yeomans&rft.aufirst=Jon&rft_id=https%3A%2F%2Fwww.telegraph.co.uk%2Fbusiness%2F2017%2F07%2F06%2Fdettol-maker-reckitt-benckiser-warns-revenue-will-hit-cleans%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-57"><span class="mw-cite-backlink"><b><a href="#cite_ref-57">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20170706120253/http://boerse.ard.de/aktien/hackerangriff-beiersdorf-und-co-hart-getroffen100.html">"Hackerangriff: Beiersdorf & Co hart getroffen"</a> [Hacking attack: Beiersdorf and other companies badly affected]. <i><a href="/wiki/ARD_(broadcaster)" title="ARD (broadcaster)">ARD</a></i>. 6 July 2017. Archived from <a rel="nofollow" class="external text" href="http://boerse.ard.de/aktien/hackerangriff-beiersdorf-und-co-hart-getroffen100.html">the original</a> on 6 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">9 July</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ARD&rft.atitle=Hackerangriff%3A+Beiersdorf+%26+Co+hart+getroffen&rft.date=2017-07-06&rft_id=http%3A%2F%2Fboerse.ard.de%2Faktien%2Fhackerangriff-beiersdorf-und-co-hart-getroffen100.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-58"><span class="mw-cite-backlink"><b><a href="#cite_ref-58">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHenleySolon2017" class="citation news cs1">Henley, Jon; Solon, Olivia (27 June 2017). <a rel="nofollow" class="external text" href="https://www.theguardian.com/world/2017/jun/27/petya-ransomware-attack-strikes-companies-across-europe">"<span class="cs1-kern-left"></span>'Petya' ransomware attack strikes companies across Europe and US"</a>. <i>The Guardian</i>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/0261-3077">0261-3077</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210501230809/https://www.theguardian.com/world/2017/jun/27/petya-ransomware-attack-strikes-companies-across-europe">Archived</a> from the original on 1 May 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">27 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Guardian&rft.atitle=%27Petya%27+ransomware+attack+strikes+companies+across+Europe+and+US&rft.date=2017-06-27&rft.issn=0261-3077&rft.aulast=Henley&rft.aufirst=Jon&rft.au=Solon%2C+Olivia&rft_id=https%3A%2F%2Fwww.theguardian.com%2Fworld%2F2017%2Fjun%2F27%2Fpetya-ransomware-attack-strikes-companies-across-europe&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-59"><span class="mw-cite-backlink"><b><a href="#cite_ref-59">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><span class="id-lock-subscription" title="Paid subscription required"><a rel="nofollow" class="external text" href="http://www.theaustralian.com.au/business/technology/petya-cyber-attack-hobarts-cadbury-chocolate-factory-struck/news-story/0952a26ba16b22a85da636a92393206f">"Petya cyberattack: Hobart's Cadbury chocolate factory struck"</a></span>. <i><a href="/wiki/The_Australian" title="The Australian">The Australian</a></i><span class="reference-accessdate">. Retrieved <span class="nowrap">28 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Australian&rft.atitle=Petya+cyberattack%3A+Hobart%27s+Cadbury+chocolate+factory+struck&rft_id=http%3A%2F%2Fwww.theaustralian.com.au%2Fbusiness%2Ftechnology%2Fpetya-cyber-attack-hobarts-cadbury-chocolate-factory-struck%2Fnews-story%2F0952a26ba16b22a85da636a92393206f&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-60"><span class="mw-cite-backlink"><b><a href="#cite_ref-60">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="http://indianexpress.com/article/india/cyber-attack-new-malware-hits-jnpt-ops-as-apm-terminals-hacked-globally-4725102/">"New malware hits JNPT operations as APM Terminals hacked globally"</a>. <i>The Indian Express</i>. 27 June 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170701041602/http://indianexpress.com/article/india/cyber-attack-new-malware-hits-jnpt-ops-as-apm-terminals-hacked-globally-4725102/">Archived</a> from the original on 1 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">28 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Indian+Express&rft.atitle=New+malware+hits+JNPT+operations+as+APM+Terminals+hacked+globally&rft.date=2017-06-27&rft_id=http%3A%2F%2Findianexpress.com%2Farticle%2Findia%2Fcyber-attack-new-malware-hits-jnpt-ops-as-apm-terminals-hacked-globally-4725102%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-61"><span class="mw-cite-backlink"><b><a href="#cite_ref-61">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFEvans2017" class="citation news cs1">Evans, Melanie (30 June 2017). <span class="id-lock-subscription" title="Paid subscription required"><a rel="nofollow" class="external text" href="https://www.wsj.com/articles/cyberattack-forces-west-virginia-hospital-to-scrap-its-computer-systems-1498769889">"Business News: Hospital Is Forced To Scrap Computers"</a></span>. <i>The Wall Street Journal</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170702010935/https://www.wsj.com/articles/cyberattack-forces-west-virginia-hospital-to-scrap-its-computer-systems-1498769889">Archived</a> from the original on 2 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">2 July</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Wall+Street+Journal&rft.atitle=Business+News%3A+Hospital+Is+Forced+To+Scrap+Computers&rft.date=2017-06-30&rft.aulast=Evans&rft.aufirst=Melanie&rft_id=https%3A%2F%2Fwww.wsj.com%2Farticles%2Fcyberattack-forces-west-virginia-hospital-to-scrap-its-computer-systems-1498769889&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-62"><span class="mw-cite-backlink"><b><a href="#cite_ref-62">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPalmer2017" class="citation web cs1">Palmer, Danny (16 August 2017). <a rel="nofollow" class="external text" href="https://www.zdnet.com/article/petya-ransomware-cyber-attack-costs-could-hit-300m-for-shipping-giant-maersk/">"Petya ransomware: Cyberattack costs could hit $300m for shipping giant Maersk"</a>. <i><a href="/wiki/ZDNet" class="mw-redirect" title="ZDNet">ZDNet</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180217091108/http://www.zdnet.com/article/petya-ransomware-cyber-attack-costs-could-hit-300m-for-shipping-giant-maersk/">Archived</a> from the original on 17 February 2018<span class="reference-accessdate">. Retrieved <span class="nowrap">18 February</span> 2018</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=ZDNet&rft.atitle=Petya+ransomware%3A+Cyberattack+costs+could+hit+%24300m+for+shipping+giant+Maersk&rft.date=2017-08-16&rft.aulast=Palmer&rft.aufirst=Danny&rft_id=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fpetya-ransomware-cyber-attack-costs-could-hit-300m-for-shipping-giant-maersk%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-63"><span class="mw-cite-backlink"><b><a href="#cite_ref-63">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation report cs1"><a rel="nofollow" class="external text" href="https://s21.q4cdn.com/665674268/files/doc_financials/annual/2019/FedEx-Corporation-2019-Annual-Report.pdf">2019 Annual Report</a> <span class="cs1-format">(PDF)</span> (Report). FedEx Corporation. p. 67. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210702070901/https://s21.q4cdn.com/665674268/files/doc_financials/annual/2019/FedEx-Corporation-2019-Annual-Report.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 2 July 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">24 March</span> 2023</span>. <q>Comparables for 2019 are affected by the impact of the NotPetya cyberattack, which reduced earnings in 2018 by approximately $400 million</q></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=report&rft.btitle=2019+Annual+Report&rft.pages=67&rft.pub=FedEx+Corporation&rft_id=https%3A%2F%2Fs21.q4cdn.com%2F665674268%2Ffiles%2Fdoc_financials%2Fannual%2F2019%2FFedEx-Corporation-2019-Annual-Report.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-64"><span class="mw-cite-backlink"><b><a href="#cite_ref-64">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFUchill2017" class="citation web cs1">Uchill, Joe (28 June 2017). <a rel="nofollow" class="external text" href="https://thehill.com/policy/cybersecurity/overnights/339926-overnight-cybersecurity-new-ransomware-wasnt-really/">"Overnight Cybersecurity: New questions about 'ransomware' attack—Tensions between NSA chief, Trump over Russia—Senate panel asks states to publicize election hacks"</a>. <i><a href="/wiki/The_Hill_(newspaper)" title="The Hill (newspaper)">The Hill</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170630051919/http://thehill.com/policy/cybersecurity/overnights/339926-overnight-cybersecurity-new-ransomware-wasnt-really">Archived</a> from the original on 30 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Hill&rft.atitle=Overnight+Cybersecurity%3A+New+questions+about+%27ransomware%27+attack%E2%80%94Tensions+between+NSA+chief%2C+Trump+over+Russia%E2%80%94Senate+panel+asks+states+to+publicize+election+hacks&rft.date=2017-06-28&rft.aulast=Uchill&rft.aufirst=Joe&rft_id=https%3A%2F%2Fthehill.com%2Fpolicy%2Fcybersecurity%2Fovernights%2F339926-overnight-cybersecurity-new-ransomware-wasnt-really%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-65"><span class="mw-cite-backlink"><b><a href="#cite_ref-65">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.haaretz.com/world-news/europe/2017-06-28/ty-article/nato-warns-use-of-article-5-over-cyber-attack/0000017f-e7e2-dea7-adff-f7fb060f0000">"NATO Warns Use of Article 5 Over Cyber Attack, Members Pledge Spending Increase"</a>. <i>Haaretz</i>. Reuters. 28 June 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20230324041205/https://www.haaretz.com/world-news/europe/2017-06-28/ty-article/nato-warns-use-of-article-5-over-cyber-attack/0000017f-e7e2-dea7-adff-f7fb060f0000">Archived</a> from the original on 24 March 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">24 March</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Haaretz&rft.atitle=NATO+Warns+Use+of+Article+5+Over+Cyber+Attack%2C+Members+Pledge+Spending+Increase&rft.date=2017-06-28&rft_id=https%3A%2F%2Fwww.haaretz.com%2Fworld-news%2Feurope%2F2017-06-28%2Fty-article%2Fnato-warns-use-of-article-5-over-cyber-attack%2F0000017f-e7e2-dea7-adff-f7fb060f0000&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-66"><span class="mw-cite-backlink"><b><a href="#cite_ref-66">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMcCarthy2019" class="citation news cs1">McCarthy, Kieran (11 January 2019). <a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2019/01/11/notpetya_insurance_claim/">"Cyber-insurance shock: Zurich refuses to foot NotPetya ransomware clean-up bill—and claims it's 'an act of war'<span class="cs1-kern-right"></span>"</a>. <i><a href="/wiki/The_Register" title="The Register">The Register</a></i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190202154129/https://www.theregister.co.uk/2019/01/11/notpetya_insurance_claim/">Archived</a> from the original on 2 February 2019<span class="reference-accessdate">. Retrieved <span class="nowrap">2 February</span> 2019</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Register&rft.atitle=Cyber-insurance+shock%3A+Zurich+refuses+to+foot+NotPetya+ransomware+clean-up+bill%E2%80%94and+claims+it%27s+%27an+act+of+war%27&rft.date=2019-01-11&rft.aulast=McCarthy&rft.aufirst=Kieran&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2019%2F01%2F11%2Fnotpetya_insurance_claim%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-67"><span class="mw-cite-backlink"><b><a href="#cite_ref-67">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFJones2022" class="citation news cs1">Jones, David (8 November 2022). <a rel="nofollow" class="external text" href="https://www.cybersecuritydive.com/news/mondelez-zurich-notpetya-cyber-insurance-settlement/636029/">"Mondelēz settlement in NotPetya case renews concerns about cyber insurance coverage"</a>. <i>Cybersecurity Dive</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20230121142345/https://www.cybersecuritydive.com/news/mondelez-zurich-notpetya-cyber-insurance-settlement/636029/">Archived</a> from the original on 21 January 2023<span class="reference-accessdate">. Retrieved <span class="nowrap">24 March</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Cybersecurity+Dive&rft.atitle=Mondel%C4%93z+settlement+in+NotPetya+case+renews+concerns+about+cyber+insurance+coverage&rft.date=2022-11-08&rft.aulast=Jones&rft.aufirst=David&rft_id=https%3A%2F%2Fwww.cybersecuritydive.com%2Fnews%2Fmondelez-zurich-notpetya-cyber-insurance-settlement%2F636029%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-68"><span class="mw-cite-backlink"><b><a href="#cite_ref-68">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLieu" class="citation web cs1">Lieu, Ted. <a rel="nofollow" class="external text" href="https://lieu.house.gov/sites/lieu.house.gov/files/documents/6-28%20Letter%20from%20Rep.%20Lieu%20to%20Adm.%20Rogers.pdf">"Letter to NSA director"</a> <span class="cs1-format">(PDF)</span>. House. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170706210321/https://lieu.house.gov/sites/lieu.house.gov/files/documents/6-28%20Letter%20from%20Rep.%20Lieu%20to%20Adm.%20Rogers.pdf">Archived</a> <span class="cs1-format">(PDF)</span> from the original on 6 July 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">29 June</span> 2017</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Letter+to+NSA+director&rft.pub=House&rft.aulast=Lieu&rft.aufirst=Ted&rft_id=https%3A%2F%2Flieu.house.gov%2Fsites%2Flieu.house.gov%2Ffiles%2Fdocuments%2F6-28%2520Letter%2520from%2520Rep.%2520Lieu%2520to%2520Adm.%2520Rogers.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-69"><span class="mw-cite-backlink"><b><a href="#cite_ref-69">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAuchardStubbsPrentice2017" class="citation news cs1">Auchard, Eric; Stubbs, Jack; Prentice, Alessandra (27 June 2017). <a rel="nofollow" class="external text" href="https://www.reuters.com/article/us-cyber-attack-idUSKBN19I1TD">"New computer virus spreads from Ukraine to disrupt world business"</a>. <i>Reuters</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170628220240/http://www.reuters.com/article/us-cyber-attack-idUSKBN19I1TD">Archived</a> from the original on 28 June 2017<span class="reference-accessdate">. Retrieved <span class="nowrap">24 March</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Reuters&rft.atitle=New+computer+virus+spreads+from+Ukraine+to+disrupt+world+business&rft.date=2017-06-27&rft.aulast=Auchard&rft.aufirst=Eric&rft.au=Stubbs%2C+Jack&rft.au=Prentice%2C+Alessandra&rft_id=https%3A%2F%2Fwww.reuters.com%2Farticle%2Fus-cyber-attack-idUSKBN19I1TD&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-70"><span class="mw-cite-backlink"><b><a href="#cite_ref-70">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFChalfant2018" class="citation news cs1">Chalfant, Morgan (15 February 2018). <a rel="nofollow" class="external text" href="https://thehill.com/policy/cybersecurity/374104-trump-admin-blames-russia-for-global-cyberattack-warns-of-international/">"Trump admin blames Russia for massive global cyberattack"</a>. <i>The Hill</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20221006070049/https://thehill.com/policy/cybersecurity/374104-trump-admin-blames-russia-for-global-cyberattack-warns-of-international/">Archived</a> from the original on 6 October 2022<span class="reference-accessdate">. Retrieved <span class="nowrap">24 March</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Hill&rft.atitle=Trump+admin+blames+Russia+for+massive+global+cyberattack&rft.date=2018-02-15&rft.aulast=Chalfant&rft.aufirst=Morgan&rft_id=https%3A%2F%2Fthehill.com%2Fpolicy%2Fcybersecurity%2F374104-trump-admin-blames-russia-for-global-cyberattack-warns-of-international%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-71"><span class="mw-cite-backlink"><b><a href="#cite_ref-71">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFShaikh2018" class="citation news cs1">Shaikh, Rafia (16 February 2018). <a rel="nofollow" class="external text" href="https://wccftech.com/australia-us-uk-russia-notpetya/">"US, UK, Australia Warn Russia of "International Consequences" - NotPetya Outbreak Attributed to the Kremlin"</a>. <i>WCCF Tech</i>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220929135452/https://wccftech.com/australia-us-uk-russia-notpetya/">Archived</a> from the original on 29 September 2022<span class="reference-accessdate">. Retrieved <span class="nowrap">24 March</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=WCCF+Tech&rft.atitle=US%2C+UK%2C+Australia+Warn+Russia+of+%22International+Consequences%22+-+NotPetya+Outbreak+Attributed+to+the+Kremlin&rft.date=2018-02-16&rft.aulast=Shaikh&rft.aufirst=Rafia&rft_id=https%3A%2F%2Fwccftech.com%2Faustralia-us-uk-russia-notpetya%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-72"><span class="mw-cite-backlink"><b><a href="#cite_ref-72">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation pressrelease cs1"><a rel="nofollow" class="external text" href="https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and">"Six Russian GRU Officers Charged in Connection with Worldwide Deployment of Destructive Malware and Other Disruptive Actions in Cyberspace"</a> (Press release). <a href="/wiki/U.S._Department_of_Justice" class="mw-redirect" title="U.S. Department of Justice">U.S. Department of Justice</a>. 19 October 2020. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20211210031653/https://www.justice.gov/opa/pr/six-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and">Archived</a> from the original on 10 December 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">20 October</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Six+Russian+GRU+Officers+Charged+in+Connection+with+Worldwide+Deployment+of+Destructive+Malware+and+Other+Disruptive+Actions+in+Cyberspace&rft.pub=U.S.+Department+of+Justice&rft.date=2020-10-19&rft_id=https%3A%2F%2Fwww.justice.gov%2Fopa%2Fpr%2Fsix-russian-gru-officers-charged-connection-worldwide-deployment-destructive-malware-and&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> <li id="cite_note-73"><span class="mw-cite-backlink"><b><a href="#cite_ref-73">^</a></b></span> <span class="reference-text"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation pressrelease cs1"><a rel="nofollow" class="external text" href="https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games">"UK exposes series of Russian cyber attacks against Olympic and Paralympic Games"</a> (Press release). <a href="/wiki/Foreign,_Commonwealth_%26_Development_Office" class="mw-redirect" title="Foreign, Commonwealth & Development Office">Foreign, Commonwealth & Development Office</a>. 19 October 2020. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20201020074542/https://www.gov.uk/government/news/uk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games">Archived</a> from the original on 20 October 2020<span class="reference-accessdate">. Retrieved <span class="nowrap">20 October</span> 2020</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=UK+exposes+series+of+Russian+cyber+attacks+against+Olympic+and+Paralympic+Games&rft.pub=Foreign%2C+Commonwealth+%26+Development+Office&rft.date=2020-10-19&rft_id=https%3A%2F%2Fwww.gov.uk%2Fgovernment%2Fnews%2Fuk-exposes-series-of-russian-cyber-attacks-against-olympic-and-paralympic-games&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></span> </li> </ol></div></div> <div class="mw-heading mw-heading2"><h2 id="Further_reading">Further reading</h2><span class="mw-editsection"><span class="mw-editsection-bracket">[</span><a href="/w/index.php?title=Petya_(malware_family)&action=edit&section=10" title="Edit section: Further reading"><span>edit</span></a><span class="mw-editsection-bracket">]</span></span></div> <style data-mw-deduplicate="TemplateStyles:r1239549316">.mw-parser-output .refbegin{margin-bottom:0.5em}.mw-parser-output .refbegin-hanging-indents>ul{margin-left:0}.mw-parser-output .refbegin-hanging-indents>ul>li{margin-left:0;padding-left:3.2em;text-indent:-3.2em}.mw-parser-output .refbegin-hanging-indents ul,.mw-parser-output .refbegin-hanging-indents ul li{list-style:none}@media(max-width:720px){.mw-parser-output .refbegin-hanging-indents>ul>li{padding-left:1.6em;text-indent:-1.6em}}.mw-parser-output .refbegin-columns{margin-top:0.3em}.mw-parser-output .refbegin-columns ul{margin-top:0}.mw-parser-output .refbegin-columns li{page-break-inside:avoid;break-inside:avoid-column}@media screen{.mw-parser-output .refbegin{font-size:90%}}</style><div class="refbegin" style=""> <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGreenberg2018" class="citation magazine cs1">Greenberg, Andy (22 August 2018). <a rel="nofollow" class="external text" href="https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">"The Untold Story of NotPetya, the Most Devastating Cyberattack in History"</a>. <i><a href="/wiki/Wired_(magazine)" title="Wired (magazine)">Wired</a></i>. <a href="/wiki/ISSN_(identifier)" class="mw-redirect" title="ISSN (identifier)">ISSN</a> <a rel="nofollow" class="external text" href="https://search.worldcat.org/issn/1059-1028">1059-1028</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180822200418/https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/">Archived</a> from the original on 22 August 2018<span class="reference-accessdate">. Retrieved <span class="nowrap">26 August</span> 2018</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Wired&rft.atitle=The+Untold+Story+of+NotPetya%2C+the+Most+Devastating+Cyberattack+in+History&rft.date=2018-08-22&rft.issn=1059-1028&rft.aulast=Greenberg&rft.aufirst=Andy&rft_id=https%3A%2F%2Fwww.wired.com%2Fstory%2Fnotpetya-cyberattack-ukraine-russia-code-crashed-the-world%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></li></ul> <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://usa.kaspersky.com/resource-center/threats/blackenergy">"BlackEnergy APT Attacks in Ukraine"</a>. <i>usa.kaspersky.com</i>. 13 January 2021<span class="reference-accessdate">. Retrieved <span class="nowrap">7 April</span> 2023</span>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=usa.kaspersky.com&rft.atitle=BlackEnergy+APT+Attacks+in+Ukraine&rft.date=2021-01-13&rft_id=https%3A%2F%2Fusa.kaspersky.com%2Fresource-center%2Fthreats%2Fblackenergy&rfr_id=info%3Asid%2Fen.wikipedia.org%3APetya+%28malware+family%29" class="Z3988"></span></li></ul> </div> <div class="navbox-styles"><style data-mw-deduplicate="TemplateStyles:r1129693374">.mw-parser-output .hlist dl,.mw-parser-output .hlist ol,.mw-parser-output .hlist ul{margin:0;padding:0}.mw-parser-output .hlist dd,.mw-parser-output .hlist dt,.mw-parser-output .hlist li{margin:0;display:inline}.mw-parser-output .hlist.inline,.mw-parser-output .hlist.inline dl,.mw-parser-output .hlist.inline ol,.mw-parser-output .hlist.inline ul,.mw-parser-output .hlist dl dl,.mw-parser-output .hlist dl ol,.mw-parser-output .hlist dl ul,.mw-parser-output .hlist ol dl,.mw-parser-output .hlist ol ol,.mw-parser-output .hlist ol ul,.mw-parser-output .hlist ul dl,.mw-parser-output .hlist ul ol,.mw-parser-output .hlist ul ul{display:inline}.mw-parser-output .hlist .mw-empty-li{display:none}.mw-parser-output .hlist dt::after{content:": "}.mw-parser-output .hlist dd::after,.mw-parser-output .hlist li::after{content:" · ";font-weight:bold}.mw-parser-output .hlist dd:last-child::after,.mw-parser-output .hlist dt:last-child::after,.mw-parser-output .hlist li:last-child::after{content:none}.mw-parser-output .hlist dd dd:first-child::before,.mw-parser-output .hlist dd dt:first-child::before,.mw-parser-output .hlist dd li:first-child::before,.mw-parser-output .hlist dt dd:first-child::before,.mw-parser-output .hlist dt dt:first-child::before,.mw-parser-output .hlist dt li:first-child::before,.mw-parser-output .hlist li dd:first-child::before,.mw-parser-output .hlist li dt:first-child::before,.mw-parser-output .hlist li li:first-child::before{content:" (";font-weight:normal}.mw-parser-output .hlist dd dd:last-child::after,.mw-parser-output .hlist dd dt:last-child::after,.mw-parser-output .hlist dd li:last-child::after,.mw-parser-output .hlist dt dd:last-child::after,.mw-parser-output .hlist dt dt:last-child::after,.mw-parser-output .hlist dt li:last-child::after,.mw-parser-output .hlist li dd:last-child::after,.mw-parser-output .hlist li dt:last-child::after,.mw-parser-output .hlist li li:last-child::after{content:")";font-weight:normal}.mw-parser-output .hlist ol{counter-reset:listitem}.mw-parser-output .hlist ol>li{counter-increment:listitem}.mw-parser-output .hlist ol>li::before{content:" "counter(listitem)"\a0 "}.mw-parser-output .hlist dd ol>li:first-child::before,.mw-parser-output .hlist dt ol>li:first-child::before,.mw-parser-output .hlist li ol>li:first-child::before{content:" ("counter(listitem)"\a0 "}</style><style data-mw-deduplicate="TemplateStyles:r1236075235">.mw-parser-output .navbox{box-sizing:border-box;border:1px solid #a2a9b1;width:100%;clear:both;font-size:88%;text-align:center;padding:1px;margin:1em auto 0}.mw-parser-output .navbox .navbox{margin-top:0}.mw-parser-output .navbox+.navbox,.mw-parser-output .navbox+.navbox-styles+.navbox{margin-top:-1px}.mw-parser-output .navbox-inner,.mw-parser-output .navbox-subgroup{width:100%}.mw-parser-output .navbox-group,.mw-parser-output .navbox-title,.mw-parser-output .navbox-abovebelow{padding:0.25em 1em;line-height:1.5em;text-align:center}.mw-parser-output .navbox-group{white-space:nowrap;text-align:right}.mw-parser-output .navbox,.mw-parser-output .navbox-subgroup{background-color:#fdfdfd}.mw-parser-output .navbox-list{line-height:1.5em;border-color:#fdfdfd}.mw-parser-output .navbox-list-with-group{text-align:left;border-left-width:2px;border-left-style:solid}.mw-parser-output tr+tr>.navbox-abovebelow,.mw-parser-output tr+tr>.navbox-group,.mw-parser-output tr+tr>.navbox-image,.mw-parser-output tr+tr>.navbox-list{border-top:2px solid #fdfdfd}.mw-parser-output .navbox-title{background-color:#ccf}.mw-parser-output .navbox-abovebelow,.mw-parser-output .navbox-group,.mw-parser-output .navbox-subgroup .navbox-title{background-color:#ddf}.mw-parser-output .navbox-subgroup .navbox-group,.mw-parser-output .navbox-subgroup .navbox-abovebelow{background-color:#e6e6ff}.mw-parser-output .navbox-even{background-color:#f7f7f7}.mw-parser-output .navbox-odd{background-color:transparent}.mw-parser-output .navbox .hlist td dl,.mw-parser-output .navbox .hlist td ol,.mw-parser-output .navbox .hlist td ul,.mw-parser-output .navbox td.hlist dl,.mw-parser-output .navbox td.hlist ol,.mw-parser-output .navbox td.hlist ul{padding:0.125em 0}.mw-parser-output .navbox .navbar{display:block;font-size:100%}.mw-parser-output .navbox-title .navbar{float:left;text-align:left;margin-right:0.5em}body.skin--responsive .mw-parser-output .navbox-image img{max-width:none!important}@media print{body.ns-0 .mw-parser-output .navbox{display:none!important}}</style></div><div role="navigation" class="navbox" aria-labelledby="Hacking_in_the_2010s778" style="padding:3px"><table class="nowraplinks hlist mw-collapsible autocollapse navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><style data-mw-deduplicate="TemplateStyles:r1239400231">.mw-parser-output .navbar{display:inline;font-size:88%;font-weight:normal}.mw-parser-output .navbar-collapse{float:left;text-align:left}.mw-parser-output .navbar-boxtext{word-spacing:0}.mw-parser-output .navbar ul{display:inline-block;white-space:nowrap;line-height:inherit}.mw-parser-output .navbar-brackets::before{margin-right:-0.125em;content:"[ "}.mw-parser-output .navbar-brackets::after{margin-left:-0.125em;content:" ]"}.mw-parser-output .navbar li{word-spacing:-0.125em}.mw-parser-output .navbar a>span,.mw-parser-output .navbar a>abbr{text-decoration:inherit}.mw-parser-output .navbar-mini abbr{font-variant:small-caps;border-bottom:none;text-decoration:none;cursor:inherit}.mw-parser-output .navbar-ct-full{font-size:114%;margin:0 7em}.mw-parser-output .navbar-ct-mini{font-size:114%;margin:0 4em}html.skin-theme-clientpref-night .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}@media(prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}}@media print{.mw-parser-output .navbar{display:none!important}}</style><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Hacking_in_the_2010s" title="Template:Hacking in the 2010s"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Hacking_in_the_2010s" title="Template talk:Hacking in the 2010s"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Hacking_in_the_2010s" title="Special:EditPage/Template:Hacking in the 2010s"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Hacking_in_the_2010s778" style="font-size:114%;margin:0 4em">Hacking in the 2010s</div></th></tr><tr><td class="navbox-abovebelow" colspan="2"><div><table style="width:100%; margin:1px; display:inline-table;"><tbody><tr> <td style="text-align:left; vertical-align:middle; padding:0 0.5em 0 0;" class="noprint">← <a href="/wiki/Template:Hacking_in_the_2000s" title="Template:Hacking in the 2000s">2000s</a></td> <td style="text-align:center; vertical-align:middle;; padding:0 1px;" class=""><a href="/wiki/Timeline_of_computer_security_hacker_history#2010s" class="mw-redirect" title="Timeline of computer security hacker history">Timeline</a></td> <td style="text-align:right; vertical-align:middle;; padding:0 0 0 0.5em;" class="noprint"><a href="/wiki/Template:Hacking_in_the_2020s" title="Template:Hacking in the 2020s">2020s</a> →</td> </tr></tbody></table></div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Major incidents</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="row" class="navbox-group" style="width:1%">2010</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Operation_Aurora" title="Operation Aurora">Operation Aurora</a> (publication of 2009 events)</li> <li><a href="/wiki/February_2010_Australian_cyberattacks" title="February 2010 Australian cyberattacks">Australian cyberattacks</a></li> <li><a href="/wiki/Operation_Olympic_Games" title="Operation Olympic Games">Operation Olympic Games</a></li> <li><a href="/wiki/Shadow_Network" title="Shadow Network">Operation ShadowNet</a></li> <li><a href="/wiki/Operation_Payback" title="Operation Payback">Operation Payback</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2011</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/2011_Canadian_government_hackings" title="2011 Canadian government hackings">Canadian government</a></li> <li><a href="/wiki/DigiNotar" title="DigiNotar">DigiNotar</a></li> <li><a href="/wiki/DNSChanger" title="DNSChanger">DNSChanger</a></li> <li><a href="/wiki/HBGary" title="HBGary">HBGary Federal</a></li> <li><a href="/wiki/Operation_AntiSec" title="Operation AntiSec">Operation AntiSec</a></li> <li><a href="/wiki/2011_PlayStation_Network_outage" title="2011 PlayStation Network outage">PlayStation network outage</a></li> <li><a href="/wiki/RSA_SecurID#March_2011_system_compromise" title="RSA SecurID">RSA SecurID compromise</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2012</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/2012_LinkedIn_hack" title="2012 LinkedIn hack">LinkedIn hack</a></li> <li><a href="/wiki/Stratfor_email_leak" title="Stratfor email leak">Stratfor email leak</a></li> <li><a href="/wiki/Operation_High_Roller" title="Operation High Roller">Operation High Roller</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2013</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/2013_South_Korea_cyberattack" title="2013 South Korea cyberattack">South Korea cyberattack</a></li> <li><a href="/wiki/Snapchat#December_2013_hack" title="Snapchat">Snapchat hack</a></li> <li><a href="/wiki/June_25_cyber_terror" class="mw-redirect" title="June 25 cyber terror">Cyberterrorism attack of June 25</a></li> <li><a href="/wiki/Yahoo!_data_breaches#August_2013:_breach" class="mw-redirect" title="Yahoo! data breaches">2013 Yahoo! data breach</a></li> <li><a href="/wiki/2013_Singapore_cyberattacks" title="2013 Singapore cyberattacks">Singapore cyberattacks</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2014</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Anthem_medical_data_breach" title="Anthem medical data breach">Anthem medical data breach</a></li> <li><a href="/wiki/Operation_Tovar" title="Operation Tovar">Operation Tovar</a></li> <li><a href="/wiki/2014_celebrity_nude_photo_leak" title="2014 celebrity nude photo leak">2014 celebrity nude photo leak</a></li> <li><a href="/wiki/2014_JPMorgan_Chase_data_breach" title="2014 JPMorgan Chase data breach">2014 JPMorgan Chase data breach</a></li> <li><a href="/wiki/2014_Sony_Pictures_hack" title="2014 Sony Pictures hack">2014 Sony Pictures hack</a></li> <li><a href="/wiki/2014_Russian_hacker_password_theft" title="2014 Russian hacker password theft">Russian hacker password theft</a></li> <li><a href="/wiki/Yahoo!_data_breaches#Late_2014:_breach" class="mw-redirect" title="Yahoo! data breaches">2014 Yahoo! data breach</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2015</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Office_of_Personnel_Management_data_breach" title="Office of Personnel Management data breach">Office of Personnel Management data breach</a></li> <li><a href="/wiki/HackingTeam#2015_data_breach" title="HackingTeam">HackingTeam</a></li> <li><a href="/wiki/Ashley_Madison_data_breach" title="Ashley Madison data breach">Ashley Madison data breach</a></li> <li><a href="/wiki/VTech#2015_data_breach" title="VTech">VTech data breach</a></li> <li><a href="/wiki/2015_Ukraine_power_grid_hack" title="2015 Ukraine power grid hack">Ukrainian Power Grid Cyberattack</a></li> <li><a href="/wiki/2015%E2%80%932016_SWIFT_banking_hack" title="2015–2016 SWIFT banking hack">SWIFT banking hack</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2016</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Bangladesh_Bank_robbery" title="Bangladesh Bank robbery">Bangladesh Bank robbery</a></li> <li><a href="/wiki/Hollywood_Presbyterian_Medical_Center#Ransomware" title="Hollywood Presbyterian Medical Center">Hollywood Presbyterian Medical Center ransomware incident</a></li> <li><a href="/wiki/Commission_on_Elections_data_breach" title="Commission on Elections data breach">Commission on Elections data breach</a></li> <li><a href="/wiki/Democratic_National_Committee_cyber_attacks" title="Democratic National Committee cyber attacks">Democratic National Committee cyber attacks</a></li> <li><a href="/wiki/Vietnamese_airports_hackings" title="Vietnamese airports hackings">Vietnam Airport Hacks</a></li> <li><a href="/wiki/Democratic_Congressional_Campaign_Committee_cyber_attacks" title="Democratic Congressional Campaign Committee cyber attacks">DCCC cyber attacks</a></li> <li><a href="/wiki/2016_Indian_Banks_data_breach" class="mw-redirect" title="2016 Indian Banks data breach">Indian Bank data breaches</a></li> <li><a href="/wiki/Surkov_leaks" title="Surkov leaks">Surkov leaks</a></li> <li><a href="/wiki/DDoS_attacks_on_Dyn" title="DDoS attacks on Dyn">Dyn cyberattack</a></li> <li><a href="/wiki/Russian_interference_in_the_2016_United_States_elections" title="Russian interference in the 2016 United States elections">Russian interference in the 2016 U.S. elections</a></li> <li><a href="/wiki/2016_Bitfinex_hack" title="2016 Bitfinex hack">2016 Bitfinex hack</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2017</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/SHA1#SHAttered_–_first_public_collision" class="mw-redirect" title="SHA1">SHAttered</a></li> <li><a href="/wiki/2017_Macron_e-mail_leaks" title="2017 Macron e-mail leaks">2017 Macron e-mail leaks</a></li> <li><a href="/wiki/WannaCry_ransomware_attack" title="WannaCry ransomware attack">WannaCry ransomware attack</a></li> <li><a href="/wiki/2017_Westminster_data_breach" title="2017 Westminster data breach">Westminster data breach</a></li> <li><a class="mw-selflink selflink">Petya and NotPetya</a> <ul><li><a href="/wiki/2017_Ukraine_ransomware_attacks" title="2017 Ukraine ransomware attacks">2017 Ukraine ransomware attacks</a></li></ul></li> <li><a href="/wiki/2017_Equifax_data_breach" title="2017 Equifax data breach">Equifax data breach</a></li> <li><a href="/wiki/Deloitte#E-mail_hack" title="Deloitte">Deloitte breach</a></li> <li><a href="/wiki/Disqus#October_2017_security_breach" title="Disqus">Disqus breach</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2018</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Trustico#DigiCert_and_Trustico_spat,_2018" title="Trustico">Trustico</a></li> <li><a href="/wiki/Atlanta_government_ransomware_attack" title="Atlanta government ransomware attack">Atlanta cyberattack</a></li> <li><a href="/wiki/2018_SingHealth_data_breach" title="2018 SingHealth data breach">SingHealth data breach</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2019</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/2019_cyberattacks_on_Sri_Lanka" title="2019 cyberattacks on Sri Lanka">Sri Lanka cyberattack</a></li> <li><a href="/wiki/2019_Baltimore_ransomware_attack" title="2019 Baltimore ransomware attack">Baltimore ransomware attack</a></li> <li><a href="/wiki/2019_Bulgarian_revenue_agency_hack" class="mw-redirect" title="2019 Bulgarian revenue agency hack">Bulgarian revenue agency hack</a></li> <li><a href="/wiki/WhatsApp_snooping_scandal" title="WhatsApp snooping scandal">WhatsApp snooping scandal</a></li> <li><a href="/wiki/Jeff_Bezos_phone_hacking_incident" title="Jeff Bezos phone hacking incident">Jeff Bezos phone hacking incident</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Hacktivism" title="Hacktivism">Hacktivism</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Anonymous_(hacker_group)" title="Anonymous (hacker group)">Anonymous</a> <ul><li><a href="/wiki/Timeline_of_events_associated_with_Anonymous" title="Timeline of events associated with Anonymous">associated events</a></li></ul></li> <li><a href="/wiki/CyberBerkut" title="CyberBerkut">CyberBerkut</a></li> <li><a href="/wiki/Gay_Nigger_Association_of_America" title="Gay Nigger Association of America">GNAA</a></li> <li><a href="/wiki/Goatse_Security" title="Goatse Security">Goatse Security</a></li> <li><a href="/wiki/Lizard_Squad" title="Lizard Squad">Lizard Squad</a></li> <li><a href="/wiki/LulzRaft" title="LulzRaft">LulzRaft</a></li> <li><a href="/wiki/LulzSec" title="LulzSec">LulzSec</a></li> <li><a href="/wiki/2016_Dyn_cyberattack#Perpetrators" class="mw-redirect" title="2016 Dyn cyberattack">New World Hackers</a></li> <li><a href="/wiki/NullCrew" title="NullCrew">NullCrew</a></li> <li><a href="/wiki/OurMine" title="OurMine">OurMine</a></li> <li><a href="/wiki/PayPal_14" title="PayPal 14">PayPal 14</a></li> <li><a href="/wiki/RedHack" title="RedHack">RedHack</a></li> <li><a href="/wiki/Teamp0ison" title="Teamp0ison">Teamp0ison</a></li> <li><a href="/wiki/The_Dark_Overlord_(hacker_group)" title="The Dark Overlord (hacker group)"> TDO </a></li> <li><a href="/wiki/UGNazi" title="UGNazi">UGNazi</a></li> <li><a href="/wiki/Ukrainian_Cyber_Alliance" title="Ukrainian Cyber Alliance">Ukrainian Cyber Alliance</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Advanced_persistent_threat" title="Advanced persistent threat">Advanced<br />persistent threats</a></th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Bangladesh_Black_Hat_Hackers" title="Bangladesh Black Hat Hackers">Bangladesh Black Hat Hackers</a></li> <li><a href="/wiki/Bureau_121" title="Bureau 121">Bureau 121</a></li> <li><a href="/wiki/Charming_Kitten" title="Charming Kitten">Charming Kitten</a></li> <li><a href="/wiki/Cozy_Bear" title="Cozy Bear">Cozy Bear</a></li> <li><a href="/wiki/Dark_Basin" title="Dark Basin">Dark Basin</a></li> <li><a href="/wiki/DarkMatter_Group" title="DarkMatter Group">DarkMatter</a></li> <li><a href="/wiki/Elfin_Team" title="Elfin Team">Elfin Team</a></li> <li><a href="/wiki/Equation_Group" title="Equation Group">Equation Group</a></li> <li><a href="/wiki/Fancy_Bear" title="Fancy Bear">Fancy Bear</a></li> <li><a href="/wiki/Stuxnet#History" title="Stuxnet">GOSSIPGIRL</a> (confederation)</li> <li><a href="/wiki/Guccifer_2.0" title="Guccifer 2.0">Guccifer 2.0</a></li> <li><a href="/wiki/Hacking_Team" class="mw-redirect" title="Hacking Team">Hacking Team</a></li> <li><a href="/wiki/Helix_Kitten" title="Helix Kitten">Helix Kitten</a></li> <li><a href="/wiki/Iranian_Cyber_Army" title="Iranian Cyber Army">Iranian Cyber Army</a></li> <li><a href="/wiki/Lazarus_Group" title="Lazarus Group">Lazarus Group</a> <ul><li><a href="/wiki/Lazarus_Group#BlueNorOff" title="Lazarus Group">BlueNorOff</a></li> <li><a href="/wiki/Lazarus_Group#AndAriel" title="Lazarus Group">AndAriel</a></li></ul></li> <li><a href="/wiki/NSO_Group" title="NSO Group">NSO Group</a></li> <li><a href="/wiki/Numbered_Panda" title="Numbered Panda">Numbered Panda</a></li> <li><a href="/wiki/PLA_Unit_61398" title="PLA Unit 61398">PLA Unit 61398</a></li> <li><a href="/wiki/PLA_Unit_61486" title="PLA Unit 61486">PLA Unit 61486</a></li> <li><a href="/wiki/PLATINUM_(cybercrime_group)" title="PLATINUM (cybercrime group)">PLATINUM</a></li> <li><a href="/wiki/Pranknet" title="Pranknet">Pranknet</a></li> <li><a href="/wiki/Red_Apollo" title="Red Apollo">Red Apollo</a></li> <li><a href="/wiki/Rocket_Kitten" title="Rocket Kitten">Rocket Kitten</a></li> <li><a href="/wiki/Stealth_Falcon" title="Stealth Falcon">Stealth Falcon</a></li> <li><a href="/wiki/Syrian_Electronic_Army" title="Syrian Electronic Army">Syrian Electronic Army</a></li> <li><a href="/wiki/Tailored_Access_Operations" title="Tailored Access Operations">Tailored Access Operations</a></li> <li><a href="/wiki/The_Shadow_Brokers" title="The Shadow Brokers">The Shadow Brokers</a></li> <li><a href="/wiki/XDedic" title="XDedic">xDedic</a></li> <li><a href="/wiki/Yemen_Cyber_Army" title="Yemen Cyber Army">Yemen Cyber Army</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Hacker" title="Hacker">Individuals</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Ryan_Ackroyd" title="Ryan Ackroyd">Ryan Ackroyd</a></li> <li><a href="/wiki/Mustafa_Al-Bassam" title="Mustafa Al-Bassam">Mustafa Al-Bassam</a></li> <li><a href="/wiki/Cyber_Anakin" title="Cyber Anakin">Cyber Anakin</a></li> <li><a href="/wiki/George_Hotz" title="George Hotz">George Hotz</a></li> <li><a href="/wiki/Guccifer" title="Guccifer">Guccifer</a></li> <li><a href="/wiki/Elliott_Gunton" title="Elliott Gunton">Elliott Gunton</a></li> <li><a href="/wiki/Jeremy_Hammond" title="Jeremy Hammond">Jeremy Hammond</a></li> <li><a href="/wiki/Junaid_Hussain" title="Junaid Hussain">Junaid Hussain</a></li> <li><a href="/wiki/MLT_(hacktivist)" title="MLT (hacktivist)">MLT</a></li> <li><a href="/wiki/Hector_Monsegur" title="Hector Monsegur">Sabu</a></li> <li><a href="/wiki/Roman_Seleznev" title="Roman Seleznev">Track2</a></li> <li><a href="/wiki/Topiary_(hacktivist)" title="Topiary (hacktivist)">Topiary</a></li> <li><a href="/wiki/The_Jester_(hacktivist)" title="The Jester (hacktivist)">The Jester</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Major <a href="/wiki/Vulnerability_(computing)" class="mw-redirect" title="Vulnerability (computing)">vulnerabilities</a><br />publicly <a href="/wiki/Full_disclosure_(computer_security)" title="Full disclosure (computer security)">disclosed</a></th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Evercookie" title="Evercookie">Evercookie</a> (2010)</li> <li><a href="/wiki/ISeeYou" title="ISeeYou">iSeeYou</a> (2013)</li> <li><a href="/wiki/Heartbleed" title="Heartbleed"> Heartbleed</a> (2014)</li> <li><a href="/wiki/Shellshock_(software_bug)" title="Shellshock (software bug)">Shellshock</a> (2014)</li> <li><a href="/wiki/POODLE" title="POODLE">POODLE</a> (2014)</li> <li><a href="/wiki/Rootpipe" title="Rootpipe">Rootpipe</a> (2014)</li> <li><a href="/wiki/Row_hammer" title="Row hammer">Row hammer</a> (2014)</li> <li><a href="/wiki/Signaling_System_No._7#Protocol_security_vulnerabilities" class="mw-redirect" title="Signaling System No. 7">SS7 vulnerabilities</a> (2014)</li> <li><a href="/wiki/WinShock" title="WinShock">WinShock</a> (2014)</li> <li><a href="/wiki/JASBUG" title="JASBUG">JASBUG</a> (2015)</li> <li><a href="/wiki/Stagefright_(bug)" title="Stagefright (bug)">Stagefright</a> (2015)</li> <li><a href="/wiki/DROWN_attack" title="DROWN attack">DROWN</a> (2016)</li> <li><a href="/wiki/Badlock" title="Badlock">Badlock</a> (2016)</li> <li><a href="/wiki/Dirty_COW" title="Dirty COW">Dirty COW</a> (2016)</li> <li><a href="/wiki/Cloudbleed" title="Cloudbleed">Cloudbleed</a> (2017)</li> <li><a href="/wiki/Broadcom_Corporation#soc-wifi-vulns" title="Broadcom Corporation">Broadcom Wi-Fi</a> (2017)</li> <li><a href="/wiki/EternalBlue" title="EternalBlue">EternalBlue</a> (2017)</li> <li><a href="/wiki/DoublePulsar" title="DoublePulsar">DoublePulsar</a> (2017)</li> <li><a href="/wiki/Intel_Active_Management_Technology#Silent_Bob_is_Silent" title="Intel Active Management Technology">Silent Bob is Silent</a> (2017)</li> <li><a href="/wiki/KRACK" title="KRACK">KRACK</a> (2017)</li> <li><a href="/wiki/ROCA_vulnerability" title="ROCA vulnerability">ROCA vulnerability</a> (2017)</li> <li><a href="/wiki/BlueBorne_(security_vulnerability)" title="BlueBorne (security vulnerability)">BlueBorne</a> (2017)</li> <li><a href="/wiki/Meltdown_(security_vulnerability)" title="Meltdown (security vulnerability)">Meltdown</a> (2018)</li> <li><a href="/wiki/Spectre_(security_vulnerability)" title="Spectre (security vulnerability)">Spectre</a> (2018)</li> <li><a href="/wiki/EFAIL" title="EFAIL">EFAIL</a> (2018)</li> <li><a href="/wiki/Exactis" title="Exactis">Exactis</a> (2018)</li> <li><a href="/wiki/Speculative_Store_Bypass" title="Speculative Store Bypass">Speculative Store Bypass</a> (2018)</li> <li><a href="/wiki/Lazy_FP_state_restore" title="Lazy FP state restore">Lazy FP state restore</a> (2018)</li> <li><a href="/wiki/TLBleed" title="TLBleed">TLBleed</a> (2018)</li> <li><a href="/wiki/SigSpoof" title="SigSpoof">SigSpoof</a> (2018)</li> <li><a href="/wiki/Foreshadow" title="Foreshadow">Foreshadow</a> (2018)</li> <li><a href="/wiki/Wi-Fi_Protected_Access#Dragonblood_attack" title="Wi-Fi Protected Access">Dragonblood</a> (2019)</li> <li><a href="/wiki/Microarchitectural_Data_Sampling" title="Microarchitectural Data Sampling">Microarchitectural Data Sampling</a> (2019)</li> <li><a href="/wiki/BlueKeep" title="BlueKeep">BlueKeep</a> (2019)</li> <li><a href="/wiki/Kr00k" title="Kr00k">Kr00k</a> (2019)</li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Malware" title="Malware">Malware</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="row" class="navbox-group" style="width:1%">2010</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Ransomware#Bad_Rabbit" title="Ransomware">Bad Rabbit</a></li> <li><a href="/wiki/BlackEnergy#BlackEnergy_2_(BE2)" title="BlackEnergy"> Black Energy 2</a></li> <li><a href="/wiki/SpyEye" title="SpyEye">SpyEye</a></li> <li><a href="/wiki/Stuxnet" title="Stuxnet">Stuxnet</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2011</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Coreflood" title="Coreflood">Coreflood</a></li> <li><a href="/wiki/Alureon" title="Alureon">Alureon</a></li> <li><a href="/wiki/Duqu" title="Duqu">Duqu</a></li> <li><a href="/wiki/Kelihos_botnet" title="Kelihos botnet">Kelihos</a></li> <li><a href="/wiki/Metulji_botnet" title="Metulji botnet">Metulji botnet</a></li> <li><a href="/wiki/Stars_virus" title="Stars virus">Stars</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2012</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Carna_botnet" title="Carna botnet">Carna</a></li> <li><a href="/wiki/Dexter_(malware)" title="Dexter (malware)">Dexter</a></li> <li><a href="/wiki/FBI_MoneyPak_Ransomware" title="FBI MoneyPak Ransomware">FBI</a></li> <li><a href="/wiki/Flame_(malware)" title="Flame (malware)">Flame</a></li> <li><a href="/wiki/Mahdi_(malware)" title="Mahdi (malware)">Mahdi</a></li> <li><a href="/wiki/Red_October_(malware)" title="Red October (malware)">Red October</a></li> <li><a href="/wiki/Shamoon" title="Shamoon">Shamoon</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2013</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/CryptoLocker" title="CryptoLocker">CryptoLocker</a></li> <li><a href="/wiki/2013_South_Korea_cyberattack" title="2013 South Korea cyberattack">DarkSeoul</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2014</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Brambul" title="Brambul">Brambul</a></li> <li><a href="/wiki/BlackEnergy#BlackEnergy_3_(BE3)" title="BlackEnergy"> Black Energy 3</a></li> <li><a href="/wiki/Carbanak" title="Carbanak">Carbanak</a></li> <li><a href="/wiki/Careto_(malware)" title="Careto (malware)">Careto</a></li> <li><a href="/wiki/DarkHotel" title="DarkHotel">DarkHotel</a></li> <li><a href="/wiki/Duqu_2.0" title="Duqu 2.0">Duqu 2.0</a></li> <li><a href="/wiki/FinFisher" title="FinFisher">FinFisher</a></li> <li><a href="/wiki/Gameover_ZeuS" title="Gameover ZeuS">Gameover ZeuS</a></li> <li><a href="/wiki/Regin_(malware)" title="Regin (malware)">Regin</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2015</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Dridex" title="Dridex">Dridex</a></li> <li><a href="/wiki/Hidden_Tear" title="Hidden Tear">Hidden Tear</a></li> <li><a href="/wiki/Rombertik" title="Rombertik">Rombertik</a></li> <li><a href="/wiki/TeslaCrypt" title="TeslaCrypt">TeslaCrypt</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2016</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Hitler-Ransomware" title="Hitler-Ransomware">Hitler</a></li> <li><a href="/wiki/Jigsaw_(ransomware)" title="Jigsaw (ransomware)">Jigsaw</a></li> <li><a href="/wiki/KeRanger" title="KeRanger">KeRanger</a></li> <li><a href="/wiki/Necurs" class="mw-redirect" title="Necurs">Necurs</a></li> <li><a href="/wiki/MEMZ" title="MEMZ">MEMZ</a></li> <li><a href="/wiki/Mirai_(malware)" title="Mirai (malware)">Mirai</a></li> <li><a href="/wiki/Pegasus_(spyware)" title="Pegasus (spyware)">Pegasus</a></li> <li><a href="/wiki/Petya_and_NotPetya" class="mw-redirect" title="Petya and NotPetya">Petya and NotPetya</a></li> <li><a href="/wiki/X-Agent" title="X-Agent">X-Agent</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2017</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/BrickerBot" title="BrickerBot">BrickerBot</a></li> <li><a href="/wiki/Kirk_Ransomware" title="Kirk Ransomware">Kirk</a></li> <li><a href="/wiki/LogicLocker" title="LogicLocker">LogicLocker</a></li> <li><a href="/wiki/Rensenware" title="Rensenware">Rensenware</a></li> <li><a href="/wiki/Triton_(malware)" title="Triton (malware)">Triton</a></li> <li><a href="/wiki/WannaCry_ransomware_attack" title="WannaCry ransomware attack">WannaCry</a></li> <li><a href="/wiki/Xafecopy_Trojan" title="Xafecopy Trojan">XafeCopy</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2018</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/VPNFilter" title="VPNFilter">VPNFilter</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">2019</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Grum_botnet" title="Grum botnet">Grum</a></li> <li><a href="/wiki/Joanap" title="Joanap">Joanap</a></li> <li><a href="/wiki/NetTraveler" title="NetTraveler">NetTraveler</a></li> <li><a href="/wiki/Chaos_Computer_Club#Staatstrojaner_affair" title="Chaos Computer Club">R2D2</a></li> <li><a href="/wiki/Tiny_Banker_Trojan" title="Tiny Banker Trojan">Tinba</a></li> <li><a href="/wiki/Titanium_(malware)" title="Titanium (malware)">Titanium</a></li> <li><a href="/wiki/ZeroAccess_botnet" title="ZeroAccess botnet">ZeroAccess botnet</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr></tbody></table></div> <!-- NewPP limit report Parsed by mw‐api‐ext.codfw.main‐8554468bf5‐nn8l8 Cached time: 20250225083450 Cache expiry: 2592000 Reduced expiry: false Complications: [vary‐revision‐sha1, show‐toc] CPU time usage: 1.094 seconds Real time usage: 1.257 seconds Preprocessor visited node count: 5696/1000000 Post‐expand include size: 234871/2097152 bytes Template argument size: 1862/2097152 bytes Highest expansion depth: 12/100 Expensive parser function count: 11/500 Unstrip recursion depth: 1/20 Unstrip post‐expand size: 301644/5000000 bytes Lua time usage: 0.682/10.000 seconds Lua memory usage: 7556588/52428800 bytes Number of Wikibase entities loaded: 0/400 --> <!-- Transclusion expansion time report (%,ms,calls,template) 100.00% 1071.944 1 -total 58.42% 626.279 1 Template:Reflist 24.01% 257.425 39 Template:Cite_news 21.39% 229.308 26 Template:Cite_web 11.87% 127.225 3 Template:Navbox 11.58% 124.165 1 Template:Hacking_in_the_2010s 9.41% 100.920 1 Template:Short_description 6.18% 66.292 1 Template:Infobox_computer_virus 6.08% 65.122 2 Template:Pagetype 3.30% 35.402 6 Template:Cite_magazine --> <!-- Saved in parser cache with key enwiki:pcache:54406327:|#|:idhash:canonical and timestamp 20250225083501 and revision id 1277547373. Rendering was triggered because: page-edit --> </div><!--esi <esi:include src="/esitest-fa8a495983347898/content" /> --><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?useformat=desktop&type=1x1&usesul3=0" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Petya_(malware_family)&oldid=1277547373">https://en.wikipedia.org/w/index.php?title=Petya_(malware_family)&oldid=1277547373</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Categories</a>: <ul><li><a href="/wiki/Category:2017_in_computing" title="Category:2017 in computing">2017 in computing</a></li><li><a href="/wiki/Category:2017_in_Ukraine" title="Category:2017 in Ukraine">2017 in Ukraine</a></li><li><a href="/wiki/Category:Cyberattacks" title="Category:Cyberattacks">Cyberattacks</a></li><li><a href="/wiki/Category:Cybercrime" title="Category:Cybercrime">Cybercrime</a></li><li><a href="/wiki/Category:Cybercrime_in_India" title="Category:Cybercrime in India">Cybercrime in India</a></li><li><a href="/wiki/Category:Hacking_in_the_2010s" title="Category:Hacking in the 2010s">Hacking in the 2010s</a></li><li><a href="/wiki/Category:June_2017_crimes" title="Category:June 2017 crimes">June 2017 crimes</a></li><li><a href="/wiki/Category:Ransomware" title="Category:Ransomware">Ransomware</a></li><li><a href="/wiki/Category:India%E2%80%93Russia_relations" title="Category:India–Russia relations">India–Russia relations</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:CS1_German-language_sources_(de)" title="Category:CS1 German-language sources (de)">CS1 German-language sources (de)</a></li><li><a href="/wiki/Category:CS1_Ukrainian-language_sources_(uk)" title="Category:CS1 Ukrainian-language sources (uk)">CS1 Ukrainian-language sources (uk)</a></li><li><a href="/wiki/Category:CS1_Estonian-language_sources_(et)" title="Category:CS1 Estonian-language sources (et)">CS1 Estonian-language sources (et)</a></li><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_matches_Wikidata" title="Category:Short description matches Wikidata">Short description matches Wikidata</a></li><li><a href="/wiki/Category:Use_dmy_dates_from_January_2020" title="Category:Use dmy dates from January 2020">Use dmy dates from January 2020</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 25 February 2025, at 08:34<span class="anonymous-show"> (UTC)</span>.</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Petya_(malware_family)&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><picture><source media="(min-width: 500px)" srcset="/static/images/footer/wikimedia-button.svg" width="84" height="29"><img src="/static/images/footer/wikimedia.svg" width="25" height="25" alt="Wikimedia Foundation" lang="en" loading="lazy"></picture></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><picture><source media="(min-width: 500px)" srcset="/w/resources/assets/poweredby_mediawiki.svg" width="88" height="31"><img src="/w/resources/assets/mediawiki_compact.svg" alt="Powered by MediaWiki" width="25" height="25" loading="lazy"></picture></a></li> </ul> </footer> </div> </div> </div> <div class="vector-header-container vector-sticky-header-container"> <div id="vector-sticky-header" class="vector-sticky-header"> <div class="vector-sticky-header-start"> <div class="vector-sticky-header-icon-start vector-button-flush-left vector-button-flush-right" aria-hidden="true"> <button class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-sticky-header-search-toggle" tabindex="-1" data-event-name="ui.vector-sticky-search-form.icon"><span class="vector-icon mw-ui-icon-search mw-ui-icon-wikimedia-search"></span> <span>Search</span> </button> </div> <div role="search" class="vector-search-box-vue vector-search-box-show-thumbnail vector-search-box"> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail"> <form action="/w/index.php" id="vector-sticky-search-form" class="cdx-search-input cdx-search-input--has-end-button"> <div class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia"> <span class="cdx-text-input__icon cdx-text-input__start-icon"></span> </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <div class="vector-sticky-header-context-bar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-sticky-header-toc" class="vector-dropdown mw-portlet mw-portlet-sticky-header-toc vector-sticky-header-toc vector-button-flush-left" > <input type="checkbox" id="vector-sticky-header-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-sticky-header-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-sticky-header-toc-label" for="vector-sticky-header-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" ><span class="vector-icon mw-ui-icon-listBullet mw-ui-icon-wikimedia-listBullet"></span> <span class="vector-dropdown-label-text">Toggle the table of contents</span> </label> <div class="vector-dropdown-content"> <div id="vector-sticky-header-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div class="vector-sticky-header-context-bar-primary" aria-hidden="true" ><span class="mw-page-title-main">Petya (malware family)</span></div> </div> </div> <div class="vector-sticky-header-end" aria-hidden="true"> <div class="vector-sticky-header-icons"> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-talk-sticky-header" tabindex="-1" data-event-name="talk-sticky-header"><span class="vector-icon mw-ui-icon-speechBubbles mw-ui-icon-wikimedia-speechBubbles"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-subject-sticky-header" tabindex="-1" data-event-name="subject-sticky-header"><span class="vector-icon mw-ui-icon-article mw-ui-icon-wikimedia-article"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-history-sticky-header" tabindex="-1" data-event-name="history-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-history mw-ui-icon-wikimedia-wikimedia-history"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only mw-watchlink" id="ca-watchstar-sticky-header" tabindex="-1" data-event-name="watch-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-star mw-ui-icon-wikimedia-wikimedia-star"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-edit-sticky-header" tabindex="-1" data-event-name="wikitext-edit-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-wikiText mw-ui-icon-wikimedia-wikimedia-wikiText"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-ve-edit-sticky-header" tabindex="-1" data-event-name="ve-edit-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-edit mw-ui-icon-wikimedia-wikimedia-edit"></span> <span></span> </a> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only" id="ca-viewsource-sticky-header" tabindex="-1" data-event-name="ve-edit-protected-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-editLock mw-ui-icon-wikimedia-wikimedia-editLock"></span> <span></span> </a> </div> <div class="vector-sticky-header-buttons"> <button class="cdx-button cdx-button--weight-quiet mw-interlanguage-selector" id="p-lang-btn-sticky-header" tabindex="-1" data-event-name="ui.dropdown-p-lang-btn-sticky-header"><span class="vector-icon mw-ui-icon-wikimedia-language mw-ui-icon-wikimedia-wikimedia-language"></span> <span>26 languages</span> </button> <a href="#" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive" id="ca-addsection-sticky-header" tabindex="-1" data-event-name="addsection-sticky-header"><span class="vector-icon mw-ui-icon-speechBubbleAdd-progressive mw-ui-icon-wikimedia-speechBubbleAdd-progressive"></span> <span>Add topic</span> </a> </div> <div class="vector-sticky-header-icon-end"> <div class="vector-user-links"> </div> </div> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-6cc877bdc-sq6jx","wgBackendResponseTime":142,"wgPageParseReport":{"limitreport":{"cputime":"1.094","walltime":"1.257","ppvisitednodes":{"value":5696,"limit":1000000},"postexpandincludesize":{"value":234871,"limit":2097152},"templateargumentsize":{"value":1862,"limit":2097152},"expansiondepth":{"value":12,"limit":100},"expensivefunctioncount":{"value":11,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":301644,"limit":5000000},"entityaccesscount":{"value":0,"limit":400},"timingprofile":["100.00% 1071.944 1 -total"," 58.42% 626.279 1 Template:Reflist"," 24.01% 257.425 39 Template:Cite_news"," 21.39% 229.308 26 Template:Cite_web"," 11.87% 127.225 3 Template:Navbox"," 11.58% 124.165 1 Template:Hacking_in_the_2010s"," 9.41% 100.920 1 Template:Short_description"," 6.18% 66.292 1 Template:Infobox_computer_virus"," 6.08% 65.122 2 Template:Pagetype"," 3.30% 35.402 6 Template:Cite_magazine"]},"scribunto":{"limitreport-timeusage":{"value":"0.682","limit":"10.000"},"limitreport-memusage":{"value":7556588,"limit":52428800},"limitreport-logs":"table#1 {\n}\ntable#1 {\n}\n"},"cachereport":{"origin":"mw-api-ext.codfw.main-8554468bf5-nn8l8","timestamp":"20250225083450","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Petya (malware family)","url":"https:\/\/en.wikipedia.org\/wiki\/Petya_(malware_family)","sameAs":"http:\/\/www.wikidata.org\/entity\/Q23670513","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q23670513","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2017-06-27T16:59:32Z","dateModified":"2025-02-25T08:34:49Z","image":"https:\/\/upload.wikimedia.org\/wikipedia\/commons\/6\/65\/2017_Petya_cyberattack_screenshot.png","headline":"family of encrypting ransomware discovered in 2016"}</script> </body> </html>