Less than two months after the WannaCry virus was unleashed in a massive ransomware attack that affected more than two hundred thousand computers around the globe, a new round of similar attacks began Tuesday morning. This time, the ransomware attacks first gained widespread notice in Ukraine, where government departments, the nation’s central bank, and private firms saw their computer systems crippled by a virus that was initially identified as “Petya.” Screenshots on various social media outlets suggest that the attackers have demanded that ransom be paid in Bitcoin.
The virus spread across Europe and the U.S., impacting everything from computer systems at the Chernobyl nuclear plant to container terminals in Rotterdam owned by shipping giant AP Moller-Maersk. It impacted Russian oil and steel companies, French construction materials firm Saint-Gobain, and U.S. pharmaceuticals firm Merck.
According to security officials, the virus may be even more damaging than WannaCry. As Varonis VP Ken Spinner told The Telegraph,
"This attack doesn't just encrypt data for a ransom - but instead hijacks computers and prevents them from working altogether. The implications of this type of cyberattack spread far and wide: and can affect everything from government to banks to transportation."
The May release of the WannaCry virus has been blamed on North Korea, but authorities have yet to name any suspects in this most recent round of attacks. For now, security experts are still attempting to identify the exploits used to execute the attacks. Initial analysis suggested that this virus uses the same NSA EternalBlue exploit used by WannaCry, but subsequent research indicates that the virus may have gained access to that exploit using phishing emails.
Unfortunately, early indications are that this particular virus lacks the kill switch experts used to thwart the WannaCry attacks. Meanwhile, Kaspersky Lab researchers have noted that the ransomware used in the assault may not even use the Petya virus at all. According to those researchers, “Our preliminary findings suggest that it is not a variant of Petya ransomware as publicly reported, but a new ransomware that has not been seen before.”