Tags: nation-state, ransomware, supply-chain

NotPetya

A fake ransomware worm flushed through a Ukrainian accounting tool and ate ten billion dollars of global shipping, pharma, and freight in a single afternoon.

Cyber Chronicle · 2 min read

On the afternoon of June 27, 2017, screens across Ukraine began displaying the same red-and-black ransom note. Within an hour, the same note was appearing on monitors in Copenhagen, Mumbai, and Hobart.

A trojan horse named M.E.Doc

The carrier was an unglamorous piece of Ukrainian tax software called M.E.Doc — a package roughly as indispensable to doing business in Kyiv as TurboTax in the United States. An attacker had compromised the update server and pushed a malicious patch to every customer at the same time.

What the patch delivered was not really ransomware. It looked like ransomware on the surface, but the decryption key it claimed to offer did not actually exist. The malware's purpose was destruction.

The cost of being in the wrong network

Maersk, the world's largest container shipping line, watched 49,000 laptops and 4,000 servers wipe themselves in the space of an hour. The company stayed afloat because a single domain controller in a Ghanaian office had been offline for an unrelated power outage. That one surviving machine became the seed for rebuilding the entire global Active Directory.

The White House later put the worldwide damage at ten billion dollars and attributed the operation to Russian military intelligence.

What the chronicle remembers

NotPetya is the closest thing the internet has yet produced to a strategic weapon that escaped its target. A campaign aimed at Ukraine collided, within hours, with the supply chains of unrelated companies on other continents. The lesson, still being absorbed, is that any sufficiently connected business now lives in someone else's blast radius.