Companies across the globe are reporting they have been struck by a major ransomware cyber attack.
“Based on observed in-the-wild behaviors, the lack of a known, viable external spreading mechanism and other research we believe it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc”, Cisco Talos wrote.
On Tuesday (June 27), SingCert was alerted to the global spread of ransomware inspired by WannaCry, which in May 2017 infected hundreds of thousands of computers in about 150 countries and disrupted healthcare and government sectors.
Cyber security firms scrambled to understand the scope and impact of the attacks, seeking to confirm suspicions hackers had leveraged the same type of NSA hacking tool exploited by WannaCry and to identify ways to stop the onslaught.
Ukraine, along with the Russian Federation and companies across Europe, was hit Tuesday in a wave of cyberattacks which IT experts identified as a modified version of the Petya ransomware that struck a year ago.
Cyber researchers say that the virus, which was linked to malware called Petrwrap or Petya, used an “exploit” developed by the National Security Agency that was later leaked onto the Internet by hackers.
A Ukrainian media company said its computer systems had been blocked and were displaying messages demanding $300 in the cryptocurrency Bitcoin in exchange for access.
A new cyber attack similar to WannaCry is spreading from Europe to the United States, hitting port operators in New York and Rotterdam, disrupting government systems in Kiev, and disabling operations at companies including Rosneft PJSC and advertiser WPP Plc.
In the United States, Merck was hit, as was the New York law firm DLA Piper.
“IT systems in several WPP companies have been affected by a suspected cyber attack”, WPP said on its Twitter account.
Microsoft issued a security fix in March, but Chris Wysopal, chief technology officer at the security firm Veracode, warned that it would only be effective if 100 percent of computers on a company’s network were patched, saying that if one computer were infected, the malware could use a backup mechanism to spread to patched computers as well.
Australian workers at Hobart’s Cadbury factory have been warned by its Spanish parent company Mondelez after its worldwide network experienced a “global IT outage”.
The attacks started around 2:00pm Moscow time (1900 in Malaysia) and quickly spread to 80 companies in Ukraine and the Russian Federation, said cybersecurity company Group IB.
‘If you see this text, then your files are no longer accessible, because they have been encrypted.
Russia’s Rosneft oil company also reported falling victim to hacking, as did Danish shipping giant A.P. Moller-Maersk.
Europol said it is investigating the attack as well.
Some analysts were calling the new form of ransomware Petya.
An adviser to Ukraine’s interior minister said earlier in the day that the virus got into computer systems via “phishing” emails written in Russian and Ukrainian created to lure employees into opening them.
Ukraine was the target of a slew of cyberattacks in the past year. Ukraine was the first to report these attacks, as the National Bank of Ukraine released a statement.
The virus is “spreading around the world, a large number of countries are affected”, Costin Raiu, a researcher at the Moscow-based Kaspersky Lab, said in a Twitter post.