Major Ransomware Attack’s Victims Include Airlines, Banks and Utility Services – Attack Spread Across Europe and Moving into U.S.

Jun 27, 2017

The WannaCry ransomware was something out of a cyber-nightmare, but the latest attack will surely fill you with dread. As of right now, a huge attack has compromised several businesses and systems, including banks, airlines, telecommunications and municipal services. Here are more details on the matter.

A Researcher Claims That the Ransomware Virus Has Been Identified as Petrwrap, Which Happens To Be a Strain of the Petya Ransomware

According to Kaspersky Lab researcher Costin Raiu, Petrwrap behaves much like regular ransomware. That means that once a system has been infected, the virus encrypts each computer with a private key, rendering it unusable until the system is decrypted, which is often done after a ransom has been paid to the perpetrators.


So far, damage is being reported by Ukrainian businesses, with systems compromised at Ukraine’s central bank, state telecom and municipal metro, as well as Kiev’s Boryspil Airport. While Ukraine’s Ukrenergo electricity supplier was also attacked, the company’s spokesperson said that the power supply has remained intact, which is a good sign.

However, the attack has affected operations at the Chernobyl nuclear power plant, which has switched to manual radiation monitoring as a result. Not surprisingly, infections have also been reported at ATMs, particularly those running a previous-generation operating system.

Ukraine was not the only location hit, as other parts of Europe and the U.S. have been affected. The Danish shipping company Maersk has also reported systems down across multiple sites, including the company’s Russian logistics arm Damco. In addition, the pharmaceutical company Merck and the U.S. offices of law firm DLA Piper have been reported to be affected.

Origin of the Virus?

The Kaspersky Lab researcher stated that one recovered sample was compiled on June 18th, which suggests that the virus has been infecting machines for some time now. Furthermore, the new ransomware employs the same EternalBlue exploit that was used by WannaCry. This allows it to spread quickly between systems and reach other countries in a very short amount of time.

This exploit targets Windows’ SMB file-sharing system and might have been developed by the NSA. Microsoft earlier decided to do its part by patching the underlying vulnerability for all versions of Windows, but it looks like the latest attack might have been a more sophisticated one.

Meanwhile, Interpol is already following the attack and the ransom being paid to the attackers.

There are several more updates coming through, so we will be keeping you up to date on the latest.

Source: Twitter (Costin Raiu)
