An international cyberattack has struck computer systems from Russia to the United States. Computer experts are calling the virus Petya. Reports of the attack spread quickly. Rob Wainwright, executive director of Europol, Europe’s police agency, said, “We are urgently responding to reports of another major ransomware attack on businesses in Europe.” At least nine European countries were targeted in the latest attack.
Numerous companies have been affected by the Petya cyberattack, including several Ukrainian government ministries, Danish shipping giant Maersk, Russian energy giant Rosneft, and pharmaceutical company Merck. In the Ukraine, the national power grid company Kievenergo had to shut down all of its computers because of the attack. The metro system in Kiev reported it could not accept card payments because of the attack.
The attack had many similarities to a recent assault that affected tens of thousands of machines worldwide. The WannaCry attacks in May took over computers and demanded a digital ransom from their owners to regain control. That attack spread quickly across much of Asia and Europe.
Symantec researchers say the new attack uses the same National Security Agency hacking tool that was used in the WannaCry attacks. The tool was among dozens leaked online last April by a group known as the Shadow Brokers. While the vulnerability was patched by Microsoft last April, hundreds of thousands of organizations around the world failed to properly install the patch, leaving them exposed to the attack. The NSA has not acknowledged whether hacking tools it created were used in WannaCry or other attacks.
Some researchers are calling this new attack “an improved and more lethal version of WannaCry.” While the earlier ransomware attacks locked only individual files, the Petya attacks encrypt and lock entire hard drives. Over just the past seven days, WannaCry had attempted to hit an additional 80,000 organizations, but was prevented by a kill switch that stopped the attacks from spreading. There is currently no such kill switch for the Petya attacks.
It remains unclear who is behind this cyberattack. Petya was for sale on the so-called dark web, where anyone could purchase and launch it. If the computer virus was a variant of Petya, the attackers will be hard to trace. The authors of the Petya ransomware, who call themselves Janus Cybercrime Solutions, get a cut of the ransom payments paid to unlock affected computers. Security company Kaspersky Labs estimates that around 2,000 users have been attacked so far.