Businesses across the world are reporting that they are victims of malware attacks this morning, including firms in the United Kingdom, France, Russia, Israel, Ukraine and others. It’s unclear if all the attacks are related at this time.
Danish shipping giant AP Moller-Maersk was hit, reporting that their computer systems are down across multiple sites. Other reported victims include the multinational advertising firm WPP and Russian steel and oil companies, Evraz and Rosneft. Ukraine appears to have been hit particularly hard, with the country’s central bank, state power provider, the metro system in Kiev and the state telecommunications companies all reportedly being hit on Tuesday.
Update: The security firm Kaspersky Lab has issued a statement debunking previous reports that today’s ransomware attack is related to the Petya virus, reporting that around 2,000 users have been victims of the ransomware so far. The security firm further advises Windows users to update their operating systems, which may help them take advantage of security fixes that could protect against the exploit.
The computer virus appears to resemble the Wannacry ransomware attack, which spread like wildfire in May and infected hundreds of thousands of computers, according to a tweet from security firm Symantec. Avira, another security firm, likewise linked today’s ransomware to an exploit used in the Wannacry attack.
The #Petya #ransomware is back using the #EternalBlue exploit - and our #Antivirus customers are protected! #infosec pic.twitter.com/fWap1rRLeA
— Avira (@Avira) June 27, 2017
Wannacry took advantage of an exploit called EternalBlue that is believed to have been initially found by the U.S. National Security Agency, but was later leaked by a hacker or a group of hackers calling themselves the ShadowBrokers. That exploit took advantage of a vulnerability in the Windows operating systems.
Multiple researchers are linking the ransomware attack today to a version of a virus called Petya.
To give some perspective on the scope of today’s attack, AP Moller-Maersk runs the the largest container shipping line in the world. And Russia’s Rosneft is one of the largest oil conglomerates in the world.
Moller-Maersk shared on Twitter that their systems had been attacked.
UPDATE 15:00 CEST pic.twitter.com/L5pBYvNQd3
— Maersk (@Maersk) June 27, 2017
Multiple reports show that at least some systems attacked today are being hit by a strain of ransomware that locks down people’s computers by encrypting the system with a private key. The attack then shows a message that instructs users to pay $300 in bitcoin in order to restore access.
Here is an image of the Petya attack infecting an ATM in Ukraine:
Petya on an ATM. Photo by REUTERS.https://t.co/fDQ0nGyQc6 pic.twitter.com/gT2xQP9wAo
— Mikko Hypponen (@mikko) June 27, 2017
The bitcoin wallet linked to today’s attack appears to have processed 18 transactions by the time of this publication.
This story is developing.
This article originally appeared on Recode.net.
