June 27, 2017 by

Petya Ransomware Outbreak is Wrecking Havoc Across the World

A new ransomware strain similar to WannaCry has been spreading across Europe today, hitting a number of large companies and installations in countries including Russia, the UK, Ukraine, India, Spain, Denmark and several others.

According to Bloomberg, over 80 companies in Russia and Ukraine were affected by the Petya virus which demanded users pay $300 in bitcoin to unlock each computer. An official from Ukraine’s Interior Ministry stated the disruption was “the biggest in Ukraine’s history” in a post on Facebook. Russia’s largest crude producer, Rosneft, added that the “hacker attack” had compelled it to switch to “a backup system for managing production processes” and in the process, had avoided serious consequences.

Denmark’s Maersk, the operator of the world’s largest shipping firm, underlined the severity of the attack, stating:

We are talking about a cyber-attack. It has affected all branches of our business, at home and abroad.

The shipper claimed that a total of 17 shipping container terminals run a subsidiary of the firm in the Netherlands and other countries around the world were also impacted.

Such is the impact of the ransomware that Ukrainian deputy prime minister Pavlo Rozenko tweeted a picture of a compromised computer, adding that the government’s entire computer system had shut down.

A technical analysis of the ransomware strain reveals the author is likely to have tapped into a mechanism similar to that found by the NSA’s ‘EternalBlue’ exploit. However, unlike WannaCry, Petya is also spread via spam email containing rogue Office documents. When triggered, these documents will download and execute the Petya installer. From here on in, the SMB worm is activated and spreads to new computers.

So far, Petya authors have already pocketed seven ransom payments of 0.87 bitcoin – approx. $2,000, in a few hours. That is a figure already trumping that of WannaCry, which took an entire day to extort that amount.

Image credit: Flickr.

About the author

Image of Author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.

Related articles

26% of Ransomware Attacks Target Corporate Businesses

New research from Kaspersky Lab has revealed that the number of ransomware attacks targeting...

Read more arrow_forward

The UK’s NHS Toughens Cybersecurity Defenses after WannaCry Ransomware

The United Kingdom’s National Health Service (NHS) is set to spend £20 million on a new security...

Read more arrow_forward

Ransomware Payments to Hit a Record $2 Billion in 2017: Research

According to new research from a cybersecurity firm, ransomware payments will hit a high of $2...

Read more arrow_forward