In either case, it appears to be spreading globally, raising fears it might rival another widespread attack – the WannaCry outbreak that struck in May.
Researchers at Kaspersky Lab’s Global Research and Analysis Team, in the Russian Federation, estimated that 60 percent of infected computers were in Ukraine and 30 percent in the Russian Federation.
One of the victims of Tuesday’s cyber attack, a Ukrainian media company, said its computers were blocked and that it had received a demand for $300 worth of the Bitcoin cryptocurrency to restore access to its files.
In a telephone interview, Bitdefender analyst Bogdan Botezatu said that he had examined samples of the program and that it appeared to be almost identical to GoldenEye, one of a family of hostage-taking programs that has been circulating for months.
While several researchers identified the virus as a derivative of the “Petya” ransomware, Kaspersky Lab, which congressional sources told ABC News is itself under Federal Bureau of Investigation scrutiny, disputed that assessment, concluding that the virus was “a new ransomware that has not been seen before” and dubbing it “NotPetya”.
WannaCry also leveraged the EternalBlue exploit, which was leaked as part of a trove of hacking tools believed to belong to the NSA. Microsoft issued a security fix in March, but Chris Wysopal, chief technology officer at the security firm Veracode, warned that it would only be effective if 100 percent of computers on a company’s network were patched, saying that if one computer were infected, the malware could use a backup mechanism to spread to patched computers as well.
Spokesman Scott McConnell said DHS is “coordinating with our worldwide and domestic cyber partners”.
“We are assessing the situation and are implementing remediation steps as quickly as possible”, the company, part of FedEx, said in a statement to AFP.
Microsoft said it is investigating the matter.
A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across the world, hitting companies and governments in Europe especially hard.
Once executed, Petya overwrites a machine’s master boot record with a custom boot loader that begins the process of encrypting a system’s files on reboot. It spread to other computers on companies’ networks by leveraging software holes.
In a Facebook post, MEDoc confirmed it had been hacked but denied responsibility for originating the attack.
The virus was similar to the WannaCry ransomware, which infected more than 300,000 computers.
Officials at that country’s postal service and metro system in Kiev also reported hacking problems.
Ukrainian Deputy Prime Minister Pavlo Rozenko tweeted a photo of his black computer screen with a warning message on Tuesday, adding in a separate tweet that government offices have been paralyzed.
Just a month after the massive WannaCry ransomware attack hit computers around the globe, it appears another attack is underway across Europe.
John Miller, senior analyst at cybersecurity firm FireEye, said: “We are looking into the ransomware activity that has reportedly disrupted organisations in Ukraine and elsewhere”.