A new ransomware strain similar to WannaCry has been spreading across Europe today, hitting a number of large companies and installations in countries including Russia, the UK, Ukraine, India, Spain, Denmark and several others.
According to Bloomberg, over 80 companies in Russia and Ukraine were affected by the Petya virus, which demanded users pay $300 in bitcoin to unlock each computer. An official from Ukraine’s Interior Ministry stated in a post on Facebook that the disruption was “the biggest in Ukraine’s history”. Russia’s largest crude producer, Rosneft, added that the “hacker attack” had compelled it to switch to “a backup system for managing production processes” and that, in the process, it had avoided serious consequences.
Denmark’s Maersk, the operator of the world’s largest shipping firm, underlined the severity of the attack, stating:
“We are talking about a cyber-attack. It has affected all branches of our business, at home and abroad.”
The shipper claimed that a total of 17 shipping container terminals run by a subsidiary of the firm in the Netherlands and other countries around the world were also impacted.
Such is the impact of the ransomware that Ukrainian deputy prime minister Pavlo Rozenko tweeted a picture of a compromised computer, adding that the government’s entire computer system had shut down.
A technical analysis of the ransomware strain reveals the author is likely to have tapped into a mechanism similar to that used by the NSA’s ‘EternalBlue’ exploit. However, unlike WannaCry, Petya is also spread via spam email containing rogue Office documents. When triggered, these documents download and execute the Petya installer. From that point on, the SMB worm is activated and spreads to new computers.
So far, Petya's authors have already pocketed seven ransom payments of 0.87 bitcoin (approx. $2,000) in a few hours. That figure already trumps that of WannaCry, which took an entire day to extort that amount.