Another global ransomware attack happening

Screen of the computers infect with Petrwap.

A major cyber attack on Tuesday, June 27th, would have hit a number of companies across Europe, notably the United Kingdom, Denmark, Spain and Ukraine, according to the Daily Telegraph.

Companies, Kiev airport, government departments, subway service and the website of the central bank of Ukraine would have been the first to undergo a cyberattack in Europe today, according to the newspaper.

It is believed that the virus, called ransomware, is part of a software altered to disrupt computer systems, which then requires a cash extortion to fix the problem.

Maersk, one of Europe’s biggest transport and logistics companies based in Denmark, said on Twitter that 17 of its terminals suffered the same cyber attack as Ukrainian institutions.

Screen of the computers infect with Petrwap.
Screen of the computers infected with the Petrwap ransomware. They demand 300 worth of Bitcoin.

In Russia, according to the Daily Telegraph, oil giant Rosneft confirmed that its servants suffered a “strong” cyber attack.

The Spanish newspaper El Confidencial reported that ransomware attacks hit offices of multinational companies such as Mondelez. The newspaper also said that the US pharmaceutical giant Merck would also have been hit by the cyber attack. Vice’s Motherboard and Quartz also have reported. Quartz has setup a Twitter account that will tweet each time a new ransom payment is made to the bitcoin wallets associated with the Petya attack.   @petya_payments, so far we only know of one wallet the ransomware is instructing victims to send money to, and will add more as they surface. Here’s a sample tweet:

According to cybersecurity blogger Graham Cluley, security experts have confirmed that the ransomware, believed to be a variant of Petya or Petrwap, is spreading by exploiting an NSA-built Windows exploit known as “Eternal Blue”. Eternal Blue was developed by the United States’ National Security Agency for the purpose of infecting the computers of those it wished to spy upon. As a consequence, the NSA didn’t tell Microsoft about the vulnerability it had discovered in Windows *until* details were stolen from the agency by a mysterious group of hackers known as the Shadow Brokers.

Brazilian infosec expert Rodrigo Jorge warned that the virus explores the same vulnerability of the Wannacry, ransomware which spreading all over the world at high speed a few weeks ago and affected governments, banks, hospitals and electric power companies.

Just a regular computer user. I write for regular users like me. When we grow up we are taught basic security tips like how to cross the street. But we are not taught how to take care of ourselves online.