A new ransomware attack has crippled businesses, financial institutions, and airlines throughout Europe.
Ukraine is the epicenter of the attack with many businesses and institutions such as Ukraine's central bank, telecom and metro services, and Kiev's Boryspil Airport reporting that their systems have been compromised. Power suppliers were also compromised, though it has been reported that power remains on throughout the country.
Even more worrying is the fact that radiation monitoring at Chernobyl has been switched to manual monitoring in light of the attacks.
In terms of government operations, the office of the Presidential Administration has reported that its IT team is closely monitoring the situation, while some reports state that Ukraine's Cabinet of Ministers has been hacked.
"The Ukraine cabinet of ministers seems to also have been hacked. The network is down" says deputy PM. This is turning into 1 hell of a hack https://t.co/nnZrcDgOoq
— Alec Luhn (@ASLuhn) June 27, 2017
Deputy Head of the Presidential Administration @dshymkiv instructed the team to help IT teams of other governmental institutions pic.twitter.com/iQw33ZJO7X — The Bankova (@TheBankova) June 27, 2017
Ransomware Spreads Beyond Ukraine
While Ukraine currently bears the brunt of this ransomware attack, it has spread internationally across Europe. Danish shipping and logistics company Maersk has reported that its systems are down across multiple sites and businesses. A Russian oil company, Rosneft, has also reported that its servers have been affected by the attack.
UPDATE 15:00 CEST pic.twitter.com/L5pBYvNQd3
— Maersk (@Maersk) June 27, 2017
Beyond Europe, there have been reports of this malware affecting organizations within the United States. The U.S. pharmaceutical company Merck has announced that its network was compromised by the attack. In addition, the law firm DLA Piper has reported that its computers have been affected and shut down.
We confirm our company's computer network was compromised today as part of global hack. Other organizations have also been affected (1 of 2) — Merck (@Merck) June 27, 2017
Researchers at have confirmed that the malware is Petrwrap. The firm discovered a sample of the virus on the computer on June 18, which implies that it has been around for some time.
The fast-spreading Petrwrap/Petya ransomware sample we have was compiled on June 18, 2017 according to its PE timestamp. pic.twitter.com/CHUYvsiQ08
— Costin Raiu (@craiu) June 27, 2017
Researchers at other firms have also confirmed that, like WannaCry, this software makes use of the EternalBlue exploit. Beyond that, it appears to be standard ransomware. The software encrypts files on the infected computer with the promise that a key will be delivered once the user pays a fee of $300.
As of right now, it is unclear who is behind this attack. However, some have been led to believe that Russia may be behind it. WannaCry is widely thought to have been the work of North Korea, but that is also unconfirmed.