Ransomware is not a new threat The first example appeared as early as 1989, but cybercriminals didn’t start launching widespread attacks until about 2012. Typically, ransomware takes one of two vectors to infect a network: a phishing attack or by exploiting security loopholes. In the case of a phishing attack, the target receives an email with a document that, once opened, launches the ransomware. In some cases, the attack may use social engineering tools to trick the user into providing the malware with credentials that facilitate the attack. Other types of ransomware don’t require clicking on an infected document. Instead, they take advantage of security holes to compromise systems. NotPetya provides a particularly nasty example of this variant. In one case, it exploited a backdoor in an accounting package popular in Ukraine and then spread to other systems through security flaws (now patched), known as EternalBlue and EternalRomance, in the Windows implementation of the SMB (server message block) protocol. What makes NotPetya so destructive is that there’s no ransom demand. Instead, NotPetya generates a random number to encrypt all data it encounters, permanently destroying it. There’s no way to recover the key to decrypt the data.