An apparent outbreak of Petya ransomware appears to be affecting a large number of banks, energy firms and other companies based in Russia, Ukraine, Spain, Britain, France and at least one enterprise in the U.S.
Reports indicate that infected computers are locked by ransomware and, as such, normal business operations have been disrupted.
U.S. cybersecurity firms BitDefender and Symantec said the ransomware proliferated quickly because it leverages code from EternalBlue, an NSA-quality exploit that was leaked several months ago and has already been used once to deliver a worm-based variant of ransomware.
The outbreak has spread by exploiting coding flaws in older versions of Microsoft Windows.
However, there are some researchers, including some from Kaspersky Lab, who differ from the Petya consensus.
Kaspersky Lab analysts say new attacks are not a variant of Petya ransomware as publicly reported, but a new ransomware they call NotPetya pic.twitter.com/Uf8phx9Pkf
— Patrick O'Neill (@HowellONeill) June 27, 2017
The initial attack vector has been attributed to a software update from accounting software company MeDoc, which sent an infected file out to customers, according to Ukrainian officials as well as security researchers at Kaspersky and Cisco.
Based on a series of photos posted on social media, the ransomware note on locked computer screens is written in English and demands a payment of $300 worth of Bitcoin to unlock the device.
State-owned Ukrainian banks and energy companies announced Tuesday that they were the victims of an “unknown virus,” but did not provide further details regarding the computer intrusions. Airports and metro services in the country have also reportedly been affected by a cyberattack.
Current situation of Petrwrap/wowsmith123456 ransomware – percentage of infections by country. pic.twitter.com/Q42WPlBlja
— Costin Raiu (@craiu) June 27, 2017
At the moment, Ukraine is the country hardest hit by the ransomware, according to Kaspersky Lab.
Reports out of Russia say the Chernobyl nuclear plant has been affected.
Multinational pharmaceutical company Merck has also said its systems were hit by the outbreak.
We confirm our company's computer network was compromised today as part of global hack. Other organizations have also been affected (1 of 2)
— Merck (@Merck) June 27, 2017
Danish transport and energy company Maersk has also announced that it too was hit by a cyberattack early Tuesday morning.
US-CERT released a bulletin acknowledging the outbreak, pointing people to a Microsoft security bulletin from March.
As of 3:30 p.m. Eastern on Tuesday, a bitcoin wallet associated with the already identified Petya ransomware campaign has received 29 payments totaling over $7,500.
This is a developing story that will be updated as new information becomes available.