NotPetya was a destructive malware attack disguised as ransomware, deployed June 27, 2017 via a compromised update to M.E.Doc, a Ukrainian tax accounting software. Although it targeted Ukraine, it propagated globally via SMB and credential-theft mechanisms, causing the most destructive cyberattack in history by total economic damage. The U.S., UK, Australia, and Canada attributed the attack to GRU's Unit 74455 (Sandworm). It is the canonical reference point for catastrophic single-event cyber damage and the basis for the Merck v. Ace insurance war-exclusion litigation.
Details
Date
June 27, 2017
Attribution
GRU (Russian military intelligence) Unit 74455 / Sandworm
AI involvement
none
Initial vector
M.E.Doc Ukrainian tax software supply-chain compromise
Estimated total damages
~$10B globally (low ~$8B, high ~$15B)
Notable victims
Maersk, Merck, FedEx/TNT, Mondelēz, Saint-Gobain, Reckitt Benckiser
Related Wiki Pages
Top Related Pages
Analysis
AI Cyber Damage: Bounding the Tail
Probability-weighted synthesis answer to "How likely is AI-enabled cyber damage to exceed 10% of global GDP by year Y?" — pulls from damage estimat...
Event
SolarWinds (2020)
Risk
Cyberweapons Risk
AI-enabled cyberweapons represent a rapidly escalating threat, with AI-powered attacks surging 72% year-over-year in 2025.
Risk
AI Flash Dynamics
AI systems interacting faster than human oversight can operate, creating cascading failures and systemic risks across financial markets, infrastruc...
Event
Colonial Pipeline (2021)
Historical
Tags
cyber-incidentdestructive-malwaresupply-chainrussiaukrainecritical-infrastructure