New Global Ransomware Attack Caught Companies by Surprise
While companies are still recovering from last month’s botched cyber attack, a new ransomware attack has hit several companies this week, locking up 2,000 computers at hospitals, banks and universities all across Europe, from Ukraine to Britain. It resembles the Petya malware, first discovered in 2016.
Petya Attack
Petya isn’t the name of a specific piece of malware but of a family. First discovered in 2016, the malware targets Windows computers, encrypts the NTFS file table, and then demands a ransom. Since 2016, variants have been discovered, which were spread via e-mail attachments. And just this week a new variant hit Europe, shortly after the WannaCry ransomware attack last month.
This new variant, which some call “GoldenEye” or “NotPetya”, is reported to be using the same vulnerability as last month’s attack: the EternalBlue exploit that was stolen from the United States’ National Security Agency, according to Symantec. Microsoft has already patched its OS against the exploit, but computers that haven’t been updated might still be affected. The new version encrypts not only the files but the whole hard drive, according to Bogdan Botezatu from Bitdefender. The ransomware takes over everything, shuts down the computer after encrypting, and boots it up again with a demand for a ransom of $300 paid in bitcoin. When the ransom is paid, victims will be given a decryption key that can be entered to decrypt the files.
The new ransomware officially started on June 27 and has possibly shut down more than 2,000 computers. Among the victims of this new attack is the British advertising agency WPP. Ukraine seems to be the country that has been hit the most by the ransomware. Ukrainian firms as well as government computers were reported to have been hit, including the central bank, two postal services, several petrol stations, Antonov, the state power company, and Kiev’s main airport and metro system. In a tweet, the Ukrainian deputy Prime Minister also shared a picture to show that they too have been affected. The official Ukraine Twitter account has tweeted that they’re doing their best to solve the issues. The Chernobyl nuclear power plant also had its Windows computers shut down. A French construction materials company, St Gobain, was reported to have had its computers affected as well.
Russia’s Rosneft oil company is reported to have been hit. TNT, a Netherlands-based shipping company, and Moller-Maersk were also reported to have been hit. The Danish shipping giant has confirmed that its IT systems are down in a series of tweets detailing the status of its systems during the attack. Spanish food giant Mondelez, famous for Oreo and Toblerone, also got hit, though it was unclear if it was from the same cyber attack. A Cadbury factory in Tasmania, Australia got hit as well.
In the US, health and pharmaceutical companies got hit. The Heritage Valley Health System has reported that its computer network was down, causing operations to be delayed, but it is not yet clear if it was from the same ransomware attack. US pharmaceutical giant Merck was also confirmed to have been hit by the ransomware.
Two Attacks in One Month
This has been the second major attack this month, and the third major cyber attack since May. Earlier this June, a South Korean web hosting company, Nayana, was attacked by the Erebus ransomware. The company was reported to have paid a fee of 397.6 bitcoin, which is equivalent to $1 million. The initial ransom was for $4 million, though the company was said to have negotiated with the hackers.
The attacks are getting more frequent thanks to the leaked exploits developed by the US. When these attacks will cease is anybody’s guess. As the hackers get smarter, and as long as they’re free, it wouldn’t be a surprise to anyone if future attacks are worse than the ones companies are experiencing now.