Several vendors – including Kaspersky Lab and Cisco – have already identified MEDoc as a likely vector for the initial infections.
In Ukraine the virus struck the country’s government administration.
But once it hits a computer on a network, it spreads quickly, even among computers that have applied the fix for the NSA exploit. It stressed that it was not attributing blame to the company.
“We do not tolerate any misuse of our platform”, said the German email provider Posteo, in a blog post.
The ransomware works by infecting computers within a network then spreading via the internet.
A new global ransomware attack has targeted businesses around the world, demonstrating how easy it is for hackers to extort money by taking advantage of outdated technology.
“It seems the virus is spreading all over Europe and I’m afraid it can harm the whole world”, he said.
That’s what makes modern ransomware attacks so painful.
The cryptolocker demands $300 in bitcoins and does not name the encrypting program, which makes finding a solution hard, said Group IB spokesman Evgeny Gukov in an emailed comment. It comes as the Petya cyber attack, which took out servers at Russia’s and disrupted Ukraine’s banks, reaches Australia.
Ukraine was the target of a slew of cyberattacks last year.
While there are still a lot of details that experts are yet to uncover – including the identity of the criminals that released the attack, how the software initially breaches a computer or any other known vulnerabilities it may be exploiting – many are advising users to guard against Petya in the same way they did WannaCry: make sure the most recent Windows security updates are installed, and be vigilant in regular cyber hygiene practices including maintaining backups of your files, and not opening suspicious emails or clicking unfamiliar links. Researchers picking the program apart found evidence its creators had borrowed from leaked National Security Agency code, raising the possibility that the digital havoc had spread using US taxpayer-funded tools. Microsoft issued a patch for the exploit in March.
Cie de Saint-Gobain, a French manufacturer, said its systems had also been infected, though a spokeswoman declined to elaborate, and the French national railway system, the SNCF, was also affected, according to Le Parisien.
A hospital and health care system based in western Pennsylvania says it is dealing with a widespread cyberattack.
The attack appears to have been seeded through a software update mechanism built into an accounting program that companies working with the Ukrainian government need to use, according to the Ukrainian Cyber Police. The incident is spread throughout the $480 network, including satellite and community locations.
It wasn’t immediately clear if the cyberattack was related to the outbreak of malicious data-scrambling software that appears to be causing mass disruption across Europe Tuesday. In the United States, it affected companies such as the drugmaker Merck and Mondelez International, the conglomerate of food brands such as Oreo and Nabisco.
Ukrainian Prime Minister Volodymyr Groysman called the ransomware campaign “unprecedented”, but said “vital systems haven’t been affected”.
“We confirm our company’s computer network was compromised today as part of global hack”, Merck tweeted. The New Jersey-based company said it was investigating the attack. Ukraine’s central bank was the first to report the cyber attack, saying state and private firms were crippled, as well as government ministries and radiation monitoring at the Chernobyl nuclear facility. “There are few victims in the U.S. so far”, Nick Bilogorskiy, senior threat director at Cyphort, a Santa Clara, California, cybersecurity firm, said in an emailed statement.
Signs that this is a new strain of Petya led Kaspersky Lab malware analyst Vyacheslav Zakorzhevsky to say the outbreak comes from a “new ransomware we haven’t seen before”.