Petya ransomware: Major firms say targets of global cyber attack

Petya ransomware: Major firms say targets of global cyber attack

They include law firm PLA Piper, advertising firm WPP and shipping giant Moller-Maersk.

The ransomware virus crippled computers running Microsoft Corp’s Windows by encrypting hard drives and overwriting files, then demanded US$300 (RM1,286) in bitcoin payments to restore access.

The automatic radiation monitoring system at the Chernobyl nuclear power plant here has been hit by a cyber attack and monitoring was being carried out manually, a Ukrainian federal agency said.

Petwrap, dubbed as an advanced version of ransomware Petya, has targeted users across India and Europe and shipping, aviation and oil and gas companies have been hit in the UK, Russia, France, Spain and elsewhere.

“It seems one of the initial Petya vectors was a Ukrainian software company”.

The source of the attack is not yet clear, but it is similar to WannaCry, which spread globally in May, but there are differences. Ukraine was the first to report these attacks, as the National Bank of Ukraine released a statement.

Ukraine was the target of a slew of cyberattacks previous year.

Moscow-based anti-virus provider Kaspersky Lab said it had detected 2,000 attacks on Tuesday, mostly in Russian Federation and Ukraine but also in Poland, Italy, Britain, France, the United States and Germany.

After WannaCry, another ransomware attack is wreaking havoc across the world.

Researchers picking the program apart found evidence its creators had borrowed from leaked National Security Agency code, raising the possibility that the digital havoc had spread using USA taxpayer-funded tools. “The necessary measures have been taken to rapidly contain the attack”, the bank told Reuters on Wednesday, after a person familiar with the matter had said that some staff computers were blocked on Tuesday due to the incident. A WPP employee who asked not to be named said that workers were told to shut down their computers: “The building has come to a standstill”. But according to security firm Kaspersky Lab, preliminary findings indicate the attacks are from a new ransomware which it’s calling “NotPetya”.

It is using a vulnerability called EternalBlue to exploit systems across the world. Several organisations in Europe and the USA have been crippled by a ransomware attack dubbed “Petya, also known as PetWrap”.

“Petya spread via email spam with booby-trap@kkped (Microsoft) Office documents.The documents, once opened, will download and run the Petya installer and execute the Server Message Block (SMB) worm to spread to other computers”, SingCERT said. That might be because the email provider hosting that address, Berlin-based Posteo, pulled the plug on the account before the infection became widely known. While the machine is rebooting, one can switch off the computer to prevent the files from being encrypted.