A huge new wave of powerful ransomware attacks hit multiple countries and companies this morning, causing a lot of panic among businesses and individuals working on the Internet.
Computer systems in United States, European Union and even Russia were struck on Tuesday in an international cyberattack that bore similarities to a recent assault that crippled tens of thousands of machines worldwide. British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.
The ransomware, still of an unknown origin, freezes the user’s computer until a ransom in untraceable Bitcoin cryptocurrency is paid.
Ukrainian firms, including the state power company and Kiev’s main airport, were among the first to report issues. The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.
As reports of the attack spread quickly, the Ukrainian government said that several of its ministries, radiation monitoring at the Chernobyl nuclear facility, local banks and metro systems had been affected. A number of companies — including the Danish shipping giant Maersk; Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency — also said they had been targeted.
And in the first confirmed cases in the United States, Merck, the drug giant, confirmed that its global computer networks had been hit, as did DLA Piper, the multinational law firm.
It remains unclear who is behind this ransomware scheme. Like the WannaCry attacks in May, the hack on Tuesday takes over computers and demands digital ransom from their owners to regain control. “We are urgently responding to reports of another major ransomware attack on businesses in Europe,” Rob Wainwright, executive director of Europol, Europe’s police agency, said on Twitter.
Computer experts were calling the virus Petya, and said that it was similar to the WannaCry attack, which spread quickly across much of Asia and Europe. Others cautioned, however, that it could be yet another type of ransomware.
The international police organisation Interpol has said it was “closely monitoring” the situation and liaising with its member countries in an effort to identify and apprehend the culprits.
Experts suggest the malware is taking advantage of the same weaknesses used by the Wannacry attack last month. “It initially appeared to be a variant of a piece of ransomware that emerged last year,” said computer scientist Prof Alan Woodward.
Veteran security expert Chris Wysopal from Veracode said the malware seemed to be spreading via some of the same Windows code loopholes exploited by Wannacry. Many firms did not patch those holes because Wannacry was tackled so quickly, he added.