June 28, 2017 by

Petya Ransomware Hits the United States

Petya, the sweeping ransomware cyberattack that struck companies and government offices across Europe has now struck establishments in the United States.

US hospitals, pharma giant Merck and Oreo are only a handful of major establishments and companies who were impacted by the Petya ransomware attack. The largest terminal in the Port of Los Angeles shut down yesterday and remained closed on Wednesday. The APM terminal, operated by Danish shipping operator Maersk was struck by the ransomware attack at around 6 A.M on Tuesday and there is no word yet on when it might reopen.

The disruption is “part of a global cyber-attack named Petya, affecting multiple sites and select business units. We are responding to the situation to contain and limit the impact and uphold operations”, Maersk confirmed.

Elsewhere, FedEx Corp’s TNT express affiliate unit was also impacted, as were delivery operations. More pressingly, a US nuclear power plant’s computer system was also affected, although there is no indication of any breach into the systems. An investigation by federal authorities is currently underway, according to ABC news.

Seen as a virus similar to that of the WannaCry ransomware strain that spread across the world in May, the malware takes advantage of a Microsoft Windows flaw that was targeted by an NSA exploit before it was publishe online by hackers.

Other researchers have drawn a more bleaker assessment about the ransomware. The objective of Petya, some researchers claim, is to completely destroy targeted systems’ hard drives with no hope of recovery at all.

Security researchers from Comae wrote:

The ransomware was a lure for the media, this version of Petya actually wipes the first sectors of the disk like we have seen with malwares such as Shamoon.

A wiper’s goal is to destroy the infected hard drive with no intention of making money, unlike a ransomware.

“This is definitely not designed to make money,” wrote another researcher. “This is designed to spread fast and cause damage, with a plausibly deniable cover of “ransomware.””

Image credit: Flickr.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

TrickBot influenced by WannaCry and Petya, adds a self-spreading Worm Module

Security researchers have discovered that the latest version of Trickbot has been using the Windows...

Read more arrow_forward

Ukraine’s Security Service Blames Russia for Petya Cyberattack

Ukraine’s security service has claimed it has obtained proof that its Russian counterpart was...

Read more arrow_forward

Petya Ransomware Outbreak is Wrecking Havoc Across the World

A new ransomware strain similar to WannaCry has been spreading across Europe today, hitting a number...

Read more arrow_forward