June 27, 2017

Petya Ransomware Outbreak is Wreaking Havoc Across the World

A new ransomware strain similar to WannaCry has been spreading across Europe today, hitting a number of large companies and installations in countries including Russia, the UK, Ukraine, India, Spain, Denmark and several others.

According to Bloomberg, over 80 companies in Russia and Ukraine were affected by the Petya virus, which demanded users pay $300 in bitcoin to unlock each computer. An official from Ukraine’s Interior Ministry stated in a post on Facebook that the disruption was “the biggest in Ukraine’s history”. Russia’s largest crude producer, Rosneft, added that the “hacker attack” had compelled it to switch to “a backup system for managing production processes” and that, in the process, it had avoided serious consequences.

Denmark’s Maersk, the operator of the world’s largest shipping firm, underlined the severity of the attack, stating:

“We are talking about a cyber-attack. It has affected all branches of our business, at home and abroad.”

The shipper claimed that a total of 17 shipping container terminals run by a subsidiary of the firm in the Netherlands and other countries around the world were also impacted.

Such is the impact of the ransomware that Ukrainian deputy prime minister Pavlo Rozenko tweeted a picture of a compromised computer, adding that the government’s entire computer system had shut down.

A technical analysis of the ransomware strain reveals the author is likely to have tapped into a mechanism similar to that used by the NSA’s ‘EternalBlue’ exploit. However, unlike WannaCry, Petya is also spread via spam email containing rogue Office documents. When triggered, these documents download and execute the Petya installer. From there, the SMB worm is activated and spreads to new computers.

So far, the Petya authors have already pocketed seven ransom payments of 0.87 bitcoin (approx. $2,000) in a few hours. That figure already trumps WannaCry, which took an entire day to extort that amount.

Image credit: Flickr.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
