Petya Ransomware Hits the United States

Petya, the sweeping ransomware cyberattack that struck companies and government offices across Europe, has now struck establishments in the United States.

US hospitals, pharma giant Merck and Oreo are only a handful of the major establishments and companies that were impacted by the Petya ransomware attack. The largest terminal in the Port of Los Angeles shut down yesterday and remained closed on Wednesday. The APM terminal, operated by Danish shipping operator Maersk, was struck by the ransomware attack at around 6 A.M. on Tuesday, and there is no word yet on when it might reopen.

The disruption is “part of a global cyber-attack named Petya, affecting multiple sites and select business units. We are responding to the situation to contain and limit the impact and uphold operations”, Maersk confirmed.

Elsewhere, FedEx Corp’s TNT Express affiliate unit was also impacted, as were delivery operations. More pressingly, a US nuclear power plant’s computer system was also affected, although there is no indication of any breach into the systems. An investigation by federal authorities is currently underway, according to ABC News.

Seen as similar to the WannaCry ransomware strain that spread across the world in May, the malware takes advantage of a Microsoft Windows flaw that was targeted by an NSA exploit before it was published online by hackers.

Other researchers have drawn a bleaker assessment of the ransomware. The objective of Petya, some researchers claim, is to completely destroy targeted systems’ hard drives with no hope of recovery at all.

Security researchers from Comae wrote:

The ransomware was a lure for the media, this version of Petya actually wipes the first sectors of the disk like we have seen with malwares such as Shamoon.

A wiper’s goal is to destroy the infected hard drive with no intention of making money, unlike a ransomware.

“This is definitely not designed to make money,” wrote another researcher. “This is designed to spread fast and cause damage, with a plausibly deniable cover of ‘ransomware.’”
