June 28, 2017 by

Petya Ransomware Hits the United States

Petya, the sweeping ransomware cyberattack that struck companies and government offices across Europe has now struck establishments in the United States.

US hospitals, pharma giant Merck and Oreo are only a handful of major establishments and companies who were impacted by the Petya ransomware attack. The largest terminal in the Port of Los Angeles shut down yesterday and remained closed on Wednesday. The APM terminal, operated by Danish shipping operator Maersk was struck by the ransomware attack at around 6 A.M on Tuesday and there is no word yet on when it might reopen.

The disruption is “part of a global cyber-attack named Petya, affecting multiple sites and select business units. We are responding to the situation to contain and limit the impact and uphold operations”, Maersk confirmed.

Elsewhere, FedEx Corp’s TNT express affiliate unit was also impacted, as were delivery operations. More pressingly, a US nuclear power plant’s computer system was also affected, although there is no indication of any breach into the systems. An investigation by federal authorities is currently underway, according to ABC news.

Seen as a virus similar to that of the WannaCry ransomware strain that spread across the world in May, the malware takes advantage of a Microsoft Windows flaw that was targeted by an NSA exploit before it was publishe online by hackers.

Other researchers have drawn a more bleaker assessment about the ransomware. The objective of Petya, some researchers claim, is to completely destroy targeted systems’ hard drives with no hope of recovery at all.

Security researchers from Comae wrote:

The ransomware was a lure for the media, this version of Petya actually wipes the first sectors of the disk like we have seen with malwares such as Shamoon.

A wiper’s goal is to destroy the infected hard drive with no intention of making money, unlike a ransomware.

“This is definitely not designed to make money,” wrote another researcher. “This is designed to spread fast and cause damage, with a plausibly deniable cover of “ransomware.””

Image credit: Flickr.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

TrickBot influenced by WannaCry and Petya, adds a self-spreading Worm Module

Security researchers have discovered that the latest version of Trickbot has been using the Windows...

Read more arrow_forward

Ukraine’s Security Service Blames Russia for Petya Cyberattack

Ukraine’s security service has claimed it has obtained proof that its Russian counterpart was...

Read more arrow_forward

Petya Ransomware Outbreak is Wrecking Havoc Across the World

A new ransomware strain similar to WannaCry has been spreading across Europe today, hitting a number...

Read more arrow_forward