Only 46 days after the WannaCry ransomware attack began a new threat has emerged, and appears to be spreading quickly. "Researchers with multiple firms identified the ransomware as Petya, malware that makes computers inoperable by encrypting their hard drives and demands ransoms in exchange for a digital key to restore access." [Reuters]
Swiss agency says #Petya ransomware virus is back amid cyber attack: https://t.co/bAfrxAbfrx More coverage: https://t.co/mJcwGWHtx9 pic.twitter.com/sJTgnNsVIw
— Reuters Top News (@Reuters) June 27, 2017
So far, Petya has targeted Russia's biggest oil company, numerous global banks ( including Russia’s Rosneft and Ukraine’s Oschadbank), Ukraine's international airport as well as global shipping firm A.P. Moller-Maersk. Reports indicate Petya, like WannaCry, is using leaked NSA expliot- EternalBlue - to spread.
Petya was known to be RaaS (Ransomware-as-a-Service), selling on Tor hidden services. Looks like WannaCry copycat. Attribution will be hard. pic.twitter.com/W5voMeNx9I
— x0rz (@x0rz) June 27, 2017
F-Secure Chief Research Officer Mikko Hypponen anticipates this outbreak will reach the Americas soon, and "could hit the U.S.A pretty bad".
This new attack highlighrs the importance of security for businesses today. It appears many governments and companies around the world did not take action to patch their systems after the WannaCry attack, and have remained vulnerable to a new ransomware. Learn more about reducing your risk and minimizing impacts of ransomware attacks here.
Regarding today’s outbreak, we are working directly with @CyberpoliceUA on the issue. More information is forthcoming.
— Talos Group (@TalosSecurity) June 27, 2017
Written By: Eden Penman, LookingPoint Marketing Manager