Supply Chain
Incident Details
On June 27, 2017, the NotPetya attack began. It became one of the most destructive and costly cyberattacks on record, with global damages estimated at more than $10 billion. It was attributed to Russian military intelligence (the GRU's Sandworm team) and primarily targeted Ukraine, which accounted for roughly 80% of infections, but it spread worldwide within hours because the initial victims included the Ukrainian offices of multinational companies.
The initial infection vector was the update mechanism of M.E.Doc (written MeDoc on this page), a widely used Ukrainian tax and accounting application developed by Intellect Service. The attackers had compromised the vendor's update infrastructure months earlier; Cisco Talos reported that stolen administrator credentials were used to redirect update traffic through an attacker-controlled host. Over spring 2017 the attackers shipped at least three updates (dated 14 April, 15 May and 22 June 2017 in ESET's analysis) containing a backdoored module, ZvitPublishedObjects.dll, that was loaded by the application's auto-updater (EzVit.exe). The backdoor collected each victim's EDRPOU number (the Ukrainian company tax identifier), giving the operators a list of which organizations ran the software, and could fetch and execute arbitrary code through the same update channel; on June 27 it was used to drop and run the NotPetya payload. Because M.E.Doc was one of the few applications accepted for mandatory electronic tax filing in Ukraine, it was installed at most businesses operating there, which gave the attack enormous reach.
Once inside a network, NotPetya spread laterally in two ways. Against unpatched hosts it used the EternalBlue (CVE-2017-0144) and EternalRomance (CVE-2017-0145) exploits against SMBv1 in Microsoft Windows, both fixed in MS17-010 in March 2017 and already used by WannaCry six weeks earlier. Against patched hosts it dumped credentials from memory with a Mimikatz-derived tool and reused them to execute the payload remotely through Windows Management Instrumentation (wmic process call create) and a bundled copy of PsExec, so one account with local administrator rights on many machines was enough to take down a fully patched network. The payload itself was a DLL executed via rundll32 that, with administrator privileges, overwrote the master boot record with a custom bootloader, forced a reboot, and then encrypted the NTFS master file table behind a fake CHKDSK screen. Although it presented a ransom demand, NotPetya was effectively a wiper: the "installation key" shown to victims was random data with no relation to the encryption key, and the single contact mailbox was shut down by the e-mail provider within hours, so recovery was impossible regardless of payment. One practical detail from the outbreak: the malware checked for a file named perfc (no extension) in C:\Windows and exited if it existed, which is why creating that read-only file became a widely deployed "vaccine" for hosts that could not be patched immediately.
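The propagation chain above (payload launched by rundll32, then pushed to neighbours via WMI and PsExec) is what a detection engineer would hunt for in process-creation and service-install telemetry. The following is an added example, not code from the original page or from any of the vendor analyses it draws on. The Event schema and the sample events are constructed to resemble endpoint telemetry and are hypothetical; the indicators themselves (rundll32 loading the perfc.dat DLL's ordinal export #1, wmic remote process creation, the PSEXESVC service that PsExec installs, the M.E.Doc updater EzVit.exe spawning rundll32) come from public analyses of the June 2017 sample.

```python
"""Host-telemetry detection for the NotPetya propagation chain.

Added example with a constructed event schema; sample events are not real logs.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    host: str                 # reporting host
    kind: str                 # "process" (process creation) or "service" (service install)
    image: str = ""           # executable image path
    cmdline: str = ""         # full command line
    parent: str = ""          # parent image path
    service_name: str = ""    # service events only
    service_path: str = ""    # service binary path, service events only


# rundll32 executing the payload DLL's ordinal export #1 (comma- or space-separated,
# possibly inside an escaped quoted string when nested in a wmic command line)
PERFC_RE = re.compile(r'rundll32(?:\.exe)?"?\s+.*perfc(?:\.dat)?[\\"]*\s*,?\s*#1', re.I)
# wmic remote process creation against another node
WMIC_RE = re.compile(r'wmic(?:\.exe)?"?\s+.*/node:.*process\s+call\s+create', re.I)
PSEXEC_SERVICE = "psexesvc"


def classify(ev: Event) -> list:
    """Return the names of all rules the event matches (empty list if none)."""
    hits = []
    if ev.kind == "process":
        if PERFC_RE.search(ev.cmdline):
            hits.append("rundll32_perfc")
        if WMIC_RE.search(ev.cmdline):
            hits.append("wmic_remote_create")
        # patient-zero signature: the accounting updater itself launching the payload
        if ev.image.lower().endswith("rundll32.exe") and ev.parent.lower().endswith("ezvit.exe"):
            hits.append("updater_spawned_rundll32")
    elif ev.kind == "service":
        if ev.service_name.lower() == PSEXEC_SERVICE or PSEXEC_SERVICE in ev.service_path.lower():
            hits.append("psexec_service_install")
    return hits


def scan(events) -> dict:
    """Map each host to the set of rule names it triggered."""
    per_host = defaultdict(set)
    for ev in events:
        for rule in classify(ev):
            per_host[ev.host].add(rule)
    return dict(per_host)


def triage(per_host: dict) -> dict:
    """Group hosts by stage: where the updater launched the payload, every host that ran it,
    hosts seen pushing it onward over WMI, and hosts that received a PsExec service."""
    infected = {h for h, rules in per_host.items() if "rundll32_perfc" in rules}
    return {
        "entry_points": sorted(h for h in infected if "updater_spawned_rundll32" in per_host[h]),
        "infected": sorted(infected),
        "spreading": sorted(h for h in infected if "wmic_remote_create" in per_host[h]),
        "psexec_targets": sorted(h for h, rules in per_host.items() if "psexec_service_install" in rules),
    }


# Constructed sample telemetry (hypothetical hosts and paths, not real logs).
SAMPLE_EVENTS = [
    # initial infection on the accounting workstation: updater spawns rundll32 with the payload
    Event("ACCT-01", "process", image=r"C:\Windows\System32\rundll32.exe",
          cmdline=r'rundll32.exe "C:\Windows\perfc.dat",#1 30',
          parent=r"C:\Program Files\Medoc\ezvit.exe"),
    # worm stage from the same host: wmic remote create against a neighbour with stolen creds
    Event("ACCT-01", "process", image=r"C:\Windows\System32\wbem\wmic.exe",
          cmdline=r'wmic.exe /node:"FS-02" /user:"corp\svc" /password:"..." process call create '
                  r'"C:\Windows\System32\rundll32.exe \"C:\Windows\perfc.dat\" #1 30"',
          parent=r"C:\Windows\System32\rundll32.exe"),
    # target side: PsExec service installed, then the payload runs under it
    Event("FS-02", "service", service_name="PSEXESVC", service_path=r"C:\Windows\PSEXESVC.exe"),
    Event("FS-02", "process", image=r"C:\Windows\System32\rundll32.exe",
          cmdline=r'C:\Windows\System32\rundll32.exe "C:\Windows\perfc.dat" #1 30',
          parent=r"C:\Windows\PSEXESVC.exe"),
    # benign rundll32 and local wmic use that must not fire
    Event("HR-07", "process", image=r"C:\Windows\System32\rundll32.exe",
          cmdline=r"rundll32.exe shell32.dll,Control_RunDLL", parent=r"C:\Windows\explorer.exe"),
    Event("HR-07", "process", image=r"C:\Windows\System32\wbem\wmic.exe",
          cmdline=r"wmic.exe os get caption", parent=r"C:\Windows\System32\cmd.exe"),
]


if __name__ == "__main__":
    per_host = scan(SAMPLE_EVENTS)
    for host, rules in sorted(per_host.items()):
        print(host, sorted(rules))
    print(triage(SAMPLE_EVENTS and per_host))
```

Run against the constructed events, ACCT-01 is reported as the entry point and the only host spreading over WMI, FS-02 as a PsExec target that went on to run the payload, and HR-07 produces no hits. The rules are deliberately narrow (payload file name, remote-node WMI syntax, PsExec's default service name); an attacker who renamed the DLL or used PsExec's -r option would slip past the first and last, so in practice these would sit alongside broader rules for rundll32 loading DLLs from the Windows directory and for any new service whose binary was written minutes earlier.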
Major corporate victims included Maersk (shipping, $250-300 million in losses, 49,000 devices destroyed, all 1,200 business applications rendered inaccessible), Merck (pharmaceutical, over $870 million in damages), FedEx’s TNT Express division ($400 million), advertising firm WPP, law firm DLA Piper, food company Mondelez, construction materials firm Saint-Gobain, and Heritage Valley Health System in Pennsylvania. Ukrainian infrastructure was particularly devastated, including government ministries, banks, the postal service, Kyiv metro, and the Chernobyl nuclear power plant’s radiation monitoring system.
In February 2018, the US, UK, and several other governments formally attributed NotPetya to the Russian military, specifically the GRU's Main Center for Special Technologies (Unit 74455, also known as Sandworm). In October 2020, the US Department of Justice indicted six GRU officers from that unit for NotPetya and other operations. NotPetya remains the canonical example of a software supply chain attack causing catastrophic collateral damage far beyond its intended target, and it reshaped how organizations assess the risk carried by trusted third-party software and its update channels.
Technical Details
- Initial Attack Vector: Compromised software update mechanism of the M.E.Doc (MeDoc) Ukrainian tax accounting software
- Vendor / Product: MeDoc (Intellect Service)
- Software Package: MeDoc
- Malware Family: NotPetya (Petya variant / wiper disguised as ransomware)
- CVE / GHSA References: CVE-2017-0144, CVE-2017-0145
- Supply Chain Attack: Yes, confirmed third-party / vendor compromise
Timeline
- 2017-04-14 First backdoored M.E.Doc update shipped to customers (per ESET's analysis; the vendor's update infrastructure was compromised before this date)
- 2017-06-27 NotPetya payload pushed through the M.E.Doc updater; outbreak begins
- 2017-06-27 Publicly disclosed
- 2017-06-27 Customers notified