SAN FRANCISCO — A virulent new strain of ransomware named Petya wreaked havoc on some of the most-established companies in Europe and North America on Tuesday, capitalizing on the same vulnerabilities that froze hundreds of thousands of computers a month ago.
Computer-security company Kaspersky Lab said about 2,000 systems worldwide were affected so far.
The cyberattack appeared to target Ukraine, where government officials and businesses reported intrusions to the power grid, government offices, banks and stores.
It also spread through the digital operations of some of the planet’s biggest companies. Danish shipping giant A.P. Moller-Maersk, the world’s largest overseas cargo carrier, and Russian oil behemoth Rosneft were among the high-profile corporate victims in at least six countries.
Merck, one of the largest pharmaceutical companies in the world, and British media company WPP tweeted they had been hit by Petya, as did Rosneft.
Global law firm DLA Piper said it “experienced issues with some of its systems due to suspected malware” and was working on a solution, company spokesman Josh Epstein said in an emailed statement.
By late Tuesday, the cyberattack had spread to North American divisions of European companies, said Justin Harvey, managing director of global incident response at Accenture. Petya is “really preying on organizations without proper patching hygiene” of the Windows operating system, he said.
Container ship terminals in Rotterdam run by a unit of Maersk were affected, the company confirmed. “The hacking attack could have led to serious consequences but neither the oil production nor the processing has been affected thanks to the fact that the company has switched to a reserve control system,” the company said.
Petya is a ransomware attack that renders files and data inaccessible until the user pays a ransom. In this case, those behind Petya demanded $300 via bitcoin. They claimed to have received more than $8,000 so far, according to Accenture.
It remains unclear who is responsible for Petya (a nickname for Russian boys named Peter), but cybersecurity experts said the attack is along the lines of WannaCry, an outbreak of ransomware that rapidly spread worldwide, using digital break-in tools that computer companies say were created by the U.S. National Security Agency. It infected hundreds of thousands of computers in 150 countries last month.
“It’s the same level of severity as WannaCry in terms of global reach and havoc,” says Bill Conner, CEO of cybersecurity firm SonicWall. He said Petya is the latest example of “exponential growth” in ransomware that has surged from 3.8 million incidents in 2015 to 638 million last year, according to SonicWall research.
Both WannaCry and Petya used a vulnerability in Microsoft Windows systems called EternalBlue, according to Kaspersky and Symantec. The exploit was leaked online in April by a group called the Shadow Brokers. Microsoft released a fix for EternalBlue, but some companies still failed to patch their systems, making them easy targets for the cyberattack.
“A lot of companies don’t think they’re going to be a victim,” said Robert Anderson, who previously worked as an executive assistant director of the FBI responsible for investigating cyberattacks. “You don’t have to be a defense contractor or a bank — these ransomware attacks are designed purely to hold your data hostage, so it doesn’t matter what type of data you have.”
Microsoft said in a statement that, “initial analysis found that the ransomware uses multiple techniques to spread, including one which was addressed by a security update previously provided for all platforms from Windows XP to Windows 10 (MS17-010). As ransomware also typically spreads via email, customers should exercise caution when opening unknown files. We are continuing to investigate and will take appropriate action to protect customers.”
The newest cyberattack may prove more difficult to stop than WannaCry, security experts say. For one, WannaCry had a kill switch, or a way to shut down the attack. Petya does not, which allows the malware to spread faster and cause more damage, said Ryan O’Leary, vice president of the threat research center at WhiteHat Security. Without a kill switch, no one knows how to stop the attack from spreading — so its breadth remains unseen, O’Leary added.
“WannaCry was dangerous, but it had poor implementation,” O’Leary said. “It looks to be a much more robust attack.”
Rasmussen added that while Petya has not infected as many machines as WannaCry, its geographical scope was much broader.
An email message sent to the address listed on the ransom page was not immediately returned.
Contributing: Associated Press
Follow USA TODAY’s San Francisco Bureau Chief Jon Swartz @jswartz on Twitter.