New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now
Book a Demo
Book a Demo

What Is Petya and NotPetya Ransomware?

By: Cymulate

Last Updated: June 8, 2025

ransomware

In June 2017, a devastating ransomware strain—first believed to be a variant of Petya and later known as NotPetya—caused widespread disruption worldwide. This ransomware encrypts Windows systems, rendering them inoperable and demanding ransom payments.

How Do Petya and NotPetya Spread?

Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable.

Open-source reports indicate that after opening the attached file, the infected machine communicates with the 182.165.29.78 IP address. Following opening a communication channel between the infected machine and the malicious C&C, a screenshot appears which displays that a scan of the hard disk is in progress (CHKDSK).

It is believed that this is when the distribution of the ransomware within the network begins using several communication protocols such as SMBv1, and a number of additional protocols and lists 139, 445, and 135.

The ransomware scans the computer folders and encrypts most of the useful files and data.

After encryption, the ransomware displays a message that requires the user to pay hundreds of dollars for the de-encryption of the data. Victims have a specific amount of time to pay. If payment is not made by the deadline, the ransom increases.

How Cymulate Helps Mitigate Ransomware Risk

Organizations utilize Cymulate’s Ransomware Resilience Assessment to ensure they are prepared for attacks such as the Petya ransomware. The platform's broad range of assessments test for breach feasibility, as well as what would occur if a ransomware attack successfully penetrated an organization. Additionally, attack simulations of new and emerging ransomware payloads are added daily to the platform so organizations can immediately assess their security against the latest threats.

The results of each assessment are used to identify any weak points in the organization's cybersecurity posture. The platform also provides remediation guidance so organizations can close gaps and optimize protection against ransomware attacks.

image
Cymulate
Cymulate empowers organizations to fortify their defenses through continuous assessment and validation of their security posture. With a focus on threat simulation, comprehensive security assessments, and a commitment to innovation, Cymulate equips organizations with the tools and insights needed to stay ahead of cyber threats.
More about Author
Table of Contents
How Do Petya and NotPetya Spread? How Cymulate Helps Mitigate Ransomware Risk
Ready to start?
Book a Demo

Featured Resources

image
Whitepaper

Outsmart Ransomware with Security Controls Validation

Learn the many faces of ransomware and how to avoid being victimized.

Learn More
cymulate blog article
blog

7 Essential Steps to Becoming Ransomware Resilient 

According to Nationwide, ransomware attacks have already surpassed one every 14 seconds and are expected to increase to every two

Read More
image
blog

Akira Ransomware: How to Test and Validate Your Exposure

Akira Ransomware is back in the headlines after the threat group published a record number of new victims' data on

Read More

GET A PERSONALIZED DEMO

Ready to see Cymulate in action?

Book a Demo