Worldwide effort underway to stop massive ransomware outbreak
An apparent outbreak of Petya ransomware appears to be affecting a large number of banks, energy firms and other companies based in Russia, Ukraine, Spain, Britain, France and at least one enterprise in the U.S.
Reports indicate that infected computers are locked by ransomware and as such, normal business operations have been disrupted.
U.S. cybersecurity firms BitDefender and Symantec said the ransomware proliferated quickly because it leverages code from EternalBlue, an NSA-quality exploit that was leaked several months ago and has already been used once to deliver a worm-based variant of ransomware.
The outbreak has spread by exploiting coding flaws in older versions of Microsoft Windows.
However, there are some researchers, including some from Kaspersky Lab, who differ from the Petya consensus.
The initial attack vector has been attributed to an update of accounting software company MeDoc, which sent an infected file out to customers, according to Ukrainian officials as well as security researchers at Kaspersky and Cisco.
Based on a series of photos posted on social media, the ransomware note on locked computer screens is written in English and demands a payment of $300 worth of Bitcoin to unlock the device.
State-owned Ukrainian banks and energy companies announced Tuesday that they were the victims of an “unknown virus,” but did not provide further details regarding the computer intrusions. Airports and metro services in the country have also been reportedly affected by a cyberattack.
At the moment, Ukraine is the country hardest hit by the ransomware, according to Kaspersky Labs.
Reports out of Russia say the Chernobyl nuclear plant has been affected.
Multinational pharmaceutical company Merck has also said its systems were hit by the outbreak.
Danish transport and energy company Maersk has also announced that it too was hit by a cyberattack early Tuesday morning.
US-CERT released a bulletin acknowledging the outbreak, pointing people to a Microsoft security bulletin from March.
As of 3:30 p.m. Eastern on Tuesday, A bitcoin wallet associated with the already identified Petya ransomware campaign has received 29 payments totaling over $7,500.
This is a developing story that will be updated as new information becomes available.