June 27, 2017 by

Petya Ransomware Outbreak is Wrecking Havoc Across the World

A new ransomware strain similar to WannaCry has been spreading across Europe today, hitting a number of large companies and installations in countries including Russia, the UK, Ukraine, India, Spain, Denmark and several others.

According to Bloomberg, over 80 companies in Russia and Ukraine were affected by the Petya virus which demanded users pay $300 in bitcoin to unlock each computer. An official from Ukraine’s Interior Ministry stated the disruption was “the biggest in Ukraine’s history” in a post on Facebook. Russia’s largest crude producer, Rosneft, added that the “hacker attack” had compelled it to switch to “a backup system for managing production processes” and in the process, had avoided serious consequences.

Denmark’s Maersk, the operator of the world’s largest shipping firm, underlined the severity of the attack, stating:

We are talking about a cyber-attack. It has affected all branches of our business, at home and abroad.

The shipper claimed that a total of 17 shipping container terminals run a subsidiary of the firm in the Netherlands and other countries around the world were also impacted.

Such is the impact of the ransomware that Ukrainian deputy prime minister Pavlo Rozenko tweeted a picture of a compromised computer, adding that the government’s entire computer system had shut down.

A technical analysis of the ransomware strain reveals the author is likely to have tapped into a mechanism similar to that found by the NSA’s ‘EternalBlue’ exploit. However, unlike WannaCry, Petya is also spread via spam email containing rogue Office documents. When triggered, these documents will download and execute the Petya installer. From here on in, the SMB worm is activated and spreads to new computers.

So far, Petya authors have already pocketed seven ransom payments of 0.87 bitcoin – approx. $2,000, in a few hours. That is a figure already trumping that of WannaCry, which took an entire day to extort that amount.

Image credit: Flickr.

About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

26% of Ransomware Attacks Target Corporate Businesses

New research from Kaspersky Lab has revealed that the number of ransomware attacks targeting...

Read more arrow_forward

The UK’s NHS Toughens Cybersecurity Defenses after WannaCry Ransomware

The United Kingdom’s National Health Service (NHS) is set to spend £20 million on a new security...

Read more arrow_forward

Ransomware Payments to Hit a Record $2 Billion in 2017: Research

According to new research from a cybersecurity firm, ransomware payments will hit a high of $2...

Read more arrow_forward