Massive ransom-ware attack hits companies across Europe, US

June 28, 2017 Off By Web Desk

Moscow, (IINA) – A massive new cyber-attack via a ransom-ware virus, initially dubbed Petya, paralyzed businesses across Europe on Tuesday before spreading to the United States, DPA reported.

The attack came just six weeks after more than 150 countries were affected by the so-called ransomware known as WCry, WannaCry or WannaDecrypt0r, which exploited vulnerabilities in the most widely used operating system in the world: Microsoft Windows.

Moscow-based anti-virus provider Kaspersky Lab said it had detected 2,000 attacks on Tuesday, mostly in Russia and Ukraine but also in Poland, Italy, Britain, France, US and Germany.

It was not immediately clear who was behind the virus, which, like WannaCry, took over computer systems and demanded a ransom payment in the bitcoin digital currency to unlock them.

“It seems one of the initial Petya vectors was a Ukrainian software company. Attackers must have compromised their infrastructure,” Chris Wysopal, founder of software security firm Veracode, wrote on Twitter.

Ukrainian ministries, radiation monitoring at the Chernobyl nuclear facility, banks and energy companies were reportedly affected, as well as big companies including Danish shipping conglomerate Maersk, British advertising agency WPP and Dutch shipping company TNT Express.

Ukrainian Prime Minister Volodymyr Groysman described the attack as “unprecedented” in a post on Facebook.

“Our IT specialists are doing their job and protecting critical infrastructure,” he said. “Important systems have not suffered. The attack will be repelled, and the attackers will be detected.”

“We are urgently responding to reports of another major ransom-ware attack on businesses in Europe,” Rob Wainwright, executive director of Europol, the European Union’s law enforcement agency, said on Twitter.

A French judicial source stated that Paris prosecutors had opened an investigation into the case, with French police’s cyber-crime division probing possible offences including fraudulent access to a database and extortion.

Kaspersky said those behind the attack were asking for 300 dollars in Bitcoin, which is untraceable, to deliver the key that encrypts the ransom data.

By late Tuesday, 24 payments totaling 2.54 bitcoin, or just less than 6,000 dollars, had been made to the attacker’s account, it said.

Kaspersky also said that despite similarities to Petya, preliminary findings suggested it was in fact not a Petya variant as first reported but “a new ransom-ware that has not been seen before.”

It dubbed the virus “ExPetr” and advised companies to update their Windows software and install the MS17-010 security patch as well as to back up their data.

Like WannaCry, the virus was using a cyber-tool called Eternal Blue to propagate itself, according to cyber security company Symantec.

The tool is believed to have been created by the US National Security Agency and leaked online by hackers in April.

Security firms had afterwards urged all users to update their Windows software with a Microsoft patch but many companies failed to do so and the WannaCry attacks caused widespread disruption.

Source: International Islamic News Agency