Ransomware, one of those words that wasn’t even a word a few years ago, has become infamous as cyber-criminals across the world use it regularly to extort money out of technologically paralyzed victims. The malicious software works through encryption processes, blocking a user from accessing data, threatening to delete the data or publish the data for the world to see unless a ransom is paid.
Experts advise not to pay the ransom, but companies most generally do, eliminating the threat for the meantime while inadvertently supporting the cyber-criminals and increasing chances that they’ll be back for more.
Multi-national companies worldwide are feeling the wrath of the latest attack, described by most experts as the Petya malware virus. Some speculate that today’s attack is what would be described as a "ransom worm," a combination of ransomware and a worm, effectively a more powerful variant of Petya. A worm is nearly invisible software that self-propagates, spreading itself across active memory systems to provide remote access to the computer.
Starting about 2 p.m. local time, Ukraine was hit particularly hard, with Prime Minister Volodymyr Groysman calling the attack within his country’s borders "unprecedented." The State’s postal service and power distributor, Ukrposhta and Ukrenergo, respectively, along with aircraft manufacturer Antonov, Kiev airport operator Boryspil, stores and banks were known to be affected by the virus.
This is by no means the first attack on Ukraine. State assets were peppered by hack attacks late last year, which followed a cyber assault in 2015 that caused a blackout in part of the country as the electric grid was hacked.
Groysman said that while his country had never seen a worse attack than today, the perpetrators did not breach any vital systems, thanks to the country’s information technology experts successfully protecting that vital property.
In England, Advertising stalwart WPP was hit, along with DLA Piper, a global law firm. France’s construction materials company Saint-Gobain and Danish shipping behemoth Maersk also reported disruptions.
In the U.S., Merck (NYSE: MRK) tweeted that its computer network was compromised as part of the global hack. Food and drink giant Mondelez (NASDAQ: MDLZ) was experiencing worldwide computer outages and FedEx (NYSE: FDX) said its TNT Express business too was dealing with computer outages.
Some 80 companies in Russia, including state-owned oil company Rosneft and steel company Evraz reported being attacked.
Kaspersky Labs reported the thousands of users have been hit in Russia, Ukraine, Poland, Italy, United Kingdom, France, Germany and the U.S.
In all instances, the monitors of infected computers display a locked screen ordering $300 in bitcoin payment before the hackers will relinquish computer control. According to media outlets, messages accompanying the computer lockouts today read, "If you see this text, then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”
The attack comes on the heels of the so-named WannaCry ransomware attack that infected nearly a quarter of a million computers across 150 countries last month also demanding $300 in ransom. WannaCry was built on scaffolding stolen from the National Security Agency called EternalBlue, which exploited a vulnerability in Microsoft software.
If indeed Petya is a new iteration of WannaCry, it is known to be able to infect computers that have already installed a patch of the previous vulnerability.
