Share this post:

A new wave of apparent ransomware attacks is affecting businesses and IT departments across the globe, the latest in a string of infections this year.

Ukrainian firms were the first to report the malware, identified as Petya, on Tuesday, June 27, and it quickly spread throughout Europe and the United States.

We’re following the latest in the live blog at the end of this post.

Dozens of organizations have been impacted, including Ukraine’s state power firm, Russia’s oil company Rosneft, US pharmaceutical giant Merck, UK-based advertising agency WPP and others in Spain, France and elsewhere.

The Chernobyl nuclear plant in Ukraine reportedly switched to manual monitoring of radiation levels as a precaution.

The malware locks Windows users out of their systems and demands $300 in Bitcoin to decrypt the files, according to a screenshot Ukraine’s Channel 24 posted of a reportedly infected computer.

Computer reportedly infected by the ransomware Petya on June 27, 2017.

Kaspersky Lab said its preliminary findings suggest the malware is not Petya but a previously-unseen new variant.

Ransomware and obsolete systems

Petya was identified in March 2016 and updated earlier this year. BBC cited Andrei Barysevich, a spokesperson for the security firm Recorded Future, as saying the malware was for sale on multiple forums for as low as $22 over the last year.

Petya is based on the WannaCry and EternalBlue ransomware seen in 2016 and 2017. EternalBlue was derived from leaked NSA tools, and developed to exploit a number of back doors into vulnerable outdated systems. Cyber security experts explain that this is one of several reasons why maintaining a good backup and frequently updating systems is critical.

WannaCry was first leaked by a group called Shadow Brokers. The group released a number of hacking tools purportedly stolen from the US National Security Agency.

In the WannaCry attack, unpatched vulnerabilities in Microsoft operating systems allowed the malware to spread to more than 75 countries in a matter of hours.

Windows XP support ended on April 8, 2014, but some governments and companies still rely on the stable operating system. In December, a Freedom of Information request revealed that 90 percent of UK National Health Service trusts still use Windows XP, which no longer receives security updates.

But the new malware appears to be able to spread through systems even after they’re patched. It may also be able to exploit vulnerabilities not seen in the Shadow Brokers release.

US-CERT explains:

Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB).

US Computer Emergency Readiness Team statement

W

Joanne June 27, 20173:40 pm

Justin Gann June 27, 20172:02 pm

Justin Gann June 27, 20171:47 pm

Joanne June 27, 20171:40 pm

The Heritage Valley Health System in Pennsylvania says the malware has taken down hospital computer systems throughout their network.

Justin Gann June 27, 20171:23 pm

Justin Gann June 27, 20171:23 pm

Justin Gann June 27, 201712:59 pm

Fergus Kelly June 27, 201712:48 pm

Joanne June 27, 201712:17 pm

Joanne June 27, 201712:16 pm

Joanne June 27, 201712:15 pm

Joanne June 27, 201712:13 pm

Joanne June 27, 201712:13 pm

Joanne June 27, 201712:12 pm

Joanne June 27, 201712:12 pm

Joanne June 27, 201712:12 pm

Joanne June 27, 201712:12 pm

Joanne June 27, 201712:11 pm

Joanne June 27, 201712:11 pm

Joanne June 27, 201712:11 pm

Share this post: