Major Ransomware Attack’s Victims Include Airlines, Banks and Utility Services – Attack Spread Across Europe and Moving into U.S.
The WannaCry ransomware was something out of a cyber-nightmare, but the latest attack will surely fill you with dread. As of right now, a huge attack has compromised several businesses and systems, including banks, airlines, telecommunications and municipal services. Here are more details on the matter.
A Researcher Claims That the Ransomware Virus Has Been Identified as Petrwrap, Which Happens To Be a Strain of the Petya Ransomware
According to Kaspersky Lab researcher Costin Raiu, Petrwrap behaves much like regular ransomware. That means that once a system has been infected, the virus encrypts the computer with a private key, rendering it unusable until the system is decrypted, which is often done after a ransom has been paid to the perpetrators.
We confirm some Maersk IT systems are down. The safety of our customers' business and our people is our top priority. Updates to follow.
— Maersk Line (@MaerskLine) June 27, 2017
So far, damage is being reported by Ukrainian businesses, and systems have been compromised at Ukraine’s central bank, state telecom and municipal metro, as well as Kiev’s Boryspil Airport. While Ukraine’s Ukrenergo electricity supplier was also attacked, the company’s spokesperson said that the power supply has remained intact, which is a good sign.
Supermarket in Kharkiv pic.twitter.com/H80FFbzSOj
— Mikhail Golub (@golub) June 27, 2017
However, the attack has affected operations at the Chernobyl nuclear power plant, which has switched to manual radiation monitoring as a result. Not surprisingly, infections have also been reported at ATMs, even more so if they are running a previous-generation operating system.
Russia's @Vedomosti has posted pic sent by worker at oil company Bashneft of the lock-out screen seemingly caused by the huge cyber-attack. pic.twitter.com/gF3atpgDCt
— Patrick Reevell (@Reevellp) June 27, 2017
Ukraine was not the only location where the virus wreaked havoc, as other parts of Europe and the U.S. have been affected. The Danish shipping company Maersk has also reported systems down across multiple sites, including the company’s Russian logistics arm Damco. In addition, the pharmaceutical company Merck and the U.S. offices of law firm DLA Piper have been reported to be affected.
Origin of the Virus?
The Kaspersky Lab researcher stated that one recovered sample was compiled on June 18th, which suggests that the virus has been infecting machines for some time now. Furthermore, the new ransomware employs the same EternalBlue exploit that was used by WannaCry. This allows it to spread quickly between systems and reach other countries in a very short amount of time.
Source: pharma giant Merck, hit by Petra, has instructed all employees to turn off work IBMs & iPads indefinitely. Company-wide shutdown.
— Kevin Collier (@kevincollier) June 27, 2017
This exploit targets Windows’ SMB file-sharing system and might have been developed by the NSA. Microsoft earlier patched the underlying vulnerability for all versions of Windows, but it looks like the latest attack might have been a more sophisticated one.
Petya on an ATM. Photo by REUTERS. https://t.co/fDQ0nGyQc6 pic.twitter.com/gT2xQP9wAo
— Mikko Hypponen (@mikko) June 27, 2017
Meanwhile, Interpol is already following the attack and the ransom being paid to the attackers.
INTERPOL & its #cyber unit IGCI in #Singapore are closely monitoring suspected #ransomware attack, liaising with member countries, partners
— INTERPOL (@INTERPOL_HQ) June 27, 2017
There are several more updates coming through, so we will be keeping you up to date on the latest.
News Source: Twitter (Costin Raiu)