Posted on June 28, 2017 at 4:08 PM
Another Massive Ransomware Attack Hits Companies Worldwide
Right now, another massive cyber attack is taking down one company after another. Workers are being sent home because their company’s computers are being held for ransom.
If this sounds familiar, it is because you have heard similar reports recently. When WannaCry hit half the world two months ago, companies were devastated, and many of them still haven’t recovered. Now another strain of ransomware is doing the same.
Many agree that the new ransomware’s attacks look similar to WannaCry’s, and security experts have confirmed that the ransomware uses software made by the NSA.
So far, multiple organizations and companies have already been hit, and here are some of them:
- The Madrid office of law firm DLA Piper
- Dutch logistics firm Maersk
- Advertising giant WPP
- US pharmaceutical firm Merck
- Russian oil firm Rosneft
- Government departments in Ukraine
- Kiev airport
- Mondelez, the confectionery firm which owns Cadbury
- Possibly even the Ukrainian nuclear plant Chernobyl (radiation monitor has switched to ‘manual’)
The first reports of cyber attacks seem to have come from Ukraine, where attacks were reported on government departments, banks, and multiple other institutions and companies.
Even Ukraine’s international airport was hit, and it is currently not announcing any departures or arrivals. The country’s central bank has warned other banks and financial institutions in general to be wary when conducting regular operations. There were even reports of attacks on the country’s ministers. These were reported by Pavlo Rozenko, the deputy prime minister himself.
The rest of the world has it equally bad, and multiple companies have reported attacks. WPP has even started tweeting pictures of this attack. Mostly, it is the same as always. The PC is blocked by ransomware, and a note on the screen demands a certain amount of money in Bitcoin. This time, the amount is $300 (£234).
Of course, the message also contains the Bitcoin wallet address.
Upon confirming the attack, WPP’s share price fell by 1.2%. The company stated that appropriate measures are being taken and that an update will follow soon. Many other companies have tweeted similar reports.
Maersk is one of them, as is Rosneft, the Russian oil firm. Mondelez reported multiple tech problems, but it is unclear whether they are a result of this attack. Merck has stated that its systems are compromised as part of a global attack.
We can confirm that Maersk IT systems are down across multiple sites and business units. We are currently assessing the situation.
— Maersk (@Maersk) June 27, 2017
The NHS was contacted as well, in order to confirm its status. During the WannaCry attack, it was among those who suffered the worst, but this time, it seems like the attack skipped it.
Kaspersky’s analyst has identified the ransomware, and it turned out to be the one called Petya/Petrwrap. Avira said that the ransomware uses the exploit called Eternal Blue. The same exploit was used during the WannaCry attack, and even back then it was confirmed that the NSA was responsible for its development.
The #Petya #ransomware is back using the #EternalBlue exploit – and our #Antivirus customers are protected! #infosec pic.twitter.com/fWap1rRLeA
— Avira (@Avira) June 27, 2017
WannaCry was stopped easily once its kill switch was found, but it seems like this ransomware doesn’t have one.
The majority of researchers have stated that paying the hackers is a bad idea, but many people did it anyway. The wallet address that the hackers posted currently holds around 2 Bitcoins (£3,500). However, the email address used for creating the wallet was blocked, which means that the hacker won’t be getting that money, and those who are paying the ransom won’t get their data back.
German service Posteo, which runs the email address used for the wallet, has stated that its abuse team blocked the address immediately, since it doesn’t tolerate such misuse. This means that the money held in the account can’t be accessed anymore, nor can the attackers use this email address.