A new wave of ransomware attacks is wreaking havoc around the globe, as businesses and governments find their systems held hostage by unknown attackers.
The attack appears to have primarily targeted entities in Ukraine and Russia, including the networks of Russian oil giant Rosfnet and Ukraine’s central bank, state-run power company, andits largest airport, among other entities. However, the attack appears to be quickly spreading to other organizations around the world.
The cyber attack could lead to serious consequences, however, due to the fact that the Company has switched to a reserve control system, neither oil production nor preparation processes were stopped, Rosfnet said in a statement.
Ukraine’s National Bank said in a statement that the cyberattack was causing banks to have difficulties with client services and carrying out banking operations.
On Twitter, Ukrainian Deputy Prime MinisterPavlo Rozenko said Ukraine’s Cabinet of Ministers had also been targeted.
-! "". . pic.twitter.com/B74jMsT0qs
— Rozenko Pavlo (@RozenkoPavlo) June 27, 2017
Some of our gov agencies, private firms were hit by a virus. No need to panic, were putting utmost efforts to tackle the issue pic.twitter.com/RsDnwZD5Oj
— Ukraine / (@Ukraine) June 27, 2017
In addition to major entities in Ukraine and Russia, the ransomware has also hit British marketing firm WPP, andDutch shipping giant Maersk.More victims are expected as security researchers attempt to uncover how the virus is spreading.
Ransomware is a computer virus that encrypts all the files on an infected computer and requires the victim to pay to regain access to their data. A researcher for cybersecurity firm Kaspersky Labidentified this particular virus as the Petrwrapor Petya ransomware. But the firm later clarified that it is not a variant of that malware and is instead a new ransomware that has not been seen before.
— Kaspersky Lab (@kaspersky) June 27, 2017
The malware attack follows another recent scourge of ransomware known as WannaCry, which infected computers in more than 150 countries. Like WannaCry, the new malwareappears to target a vulnerability in some Windows machines that were first revealed by the leak of stolen National Security Agency cyberweapons. The NSA exploit used to carry out the attack, known as EternalBlue, was leaked inApril by a group going by the name Shadow Brokers.
North Korea is suspected of carrying out the WannaCry attack. It is currently too soon to tell who launched Tuesday’s attack.
In the case of the most recent ransomware attack, the malware locks down a users’ computer and demands they pay $300 in bitcointo have their files unlocked. As the Verge reports, very little money has so far been deposited into the bitcoin wallet linked to the malwareabout 1.5 bitcoins, or around $3,500, as of publication.
Clarification:Contrary to initial reports from cybersecurity experts, the malware that caused Tuesday’s attack is not a variant of the Petrwrapor Petya ransomware.