Date: 2017-06-27

The author is a reporter for Verdict, covering global news, economics and business. You can reach her at amelia.heathman@verdict.co.uk

A new global ransomware outbreak, which has picked up the name Petya, has hit companies across Europe, after supposedly beginning in the Ukraine.

The recent attack is similar to the WannaCry outbreak that took place in May, which infected over 300,000 computers and took down 46 NHS England Trusts. Computer systems around the world appear to be locked down by the ransomware, and messages are appearing demanding $300 worth of bitcoin.

According to a picture of the malware posted on Twitter, the message says:

If you see this text, then your files are no longer accessible, because they are encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.

Travis Farral, director of security strategy at Anomali, said:

“This is a global attack. Just like WannaCry, organisations are locked out of their networks and a fee demanded to decrypt files, and could also be leveraging the same EternalBlue vulnerability, which attacks SMB file-sharing services.”

Here is who the Petya malware has hit so far

1. DLA Piper: The global law firm has seen the hackers hit its offices in Madrid and Washington DC.

2. Evraz: The Russian steelmaker is one of a handful of Russian companies that have been affected.

3. Maersk: The global shipping company confirmed on Twitter that its IT systems had been taken down due to a cyber attack.

4. Rosneft: Russia’s main oil producer has said its servers have been hit in the attack but its oil production is unaffected.

5. WPP: The London-based advertising giant also tweeted that its IT systems in several of its companies were affected.

Louis Rynsard, director of reputation and strategy at the corporate comms agency SBC London, said that 20 percent of WPP’s share price has been wiped off after the attack.

He said:

“After the initial cyber attack and loss of data, or control of systems, comes the loss of reputation. The long-lasting impact of a cyber attack cannot be overstated. You cannot avoid an attack, but you can and must have a plan in place for when the worst happens.”

6. The Chernobyl nuclear power plant: According to reports in local media, some computers at the power plant, which is currently under decommissioning after the explosion at reactor number four in 1986, were infected by the virus.

As well as companies, it appears that the malware has infected the Ukrainian government and Kiev’s airport.

The UK parliament was hit by a separate cyber attack this weekend, which is thought to have been a state-sponsored attack.

What is the malware?

Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard that it is a ransomware strain known as Petya or Petrwrap.

This is similar to WannaCry as it encrypts the files on a user’s system and says it will return access in exchange for bitcoin.

Both strains of malware also take advantage of the EternalBlue exploit, generally believed to have been developed by the US’s National Security Agency (NSA).

Farral explained the EternalBlue exploit to Verdict, saying:

“It was leaked by the Shadow Brokers hacker group on April 14, 2017, and was used as part of the worldwide WannaCry ransomware attack. It exploits a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. Microsoft has released patches in a security bulletin it issued 14th March 2017, MS17-010, which detailed the flaw and announced a patch for all Windows versions that were currently supported at that time. But many organisations have not implemented this, leaving them vulnerable.”

The Microsoft patch was released prior to the WannaCry hack that took place at the end of May. If companies still hadn’t applied this patch after that attack, then it appears they are still vulnerable and could be targeted by Petya.

The WannaCry hackers have managed to make $122,167.90 according to Elliptic’s tracker. The latest payment was made today, 27 June, showing that the effects of May’s hack are still being felt.

If you’re interested in how much Petya is making, someone has created a Twitter bot which is tracking its bitcoin wallet.

The bitcoin wallet tied to #Petya ransomware has so far received 11 payments totaling 1.37807212 BTC ($3,246.4 USD). — petya_payments (@petya_payments) June 27, 2017

According to the bot, payments have reached over $4,000 in total on the first day of the attack.

What can companies learn from malware attacks like this?

After the recent WannaCry attack, the hacking of parliament this week, and the Russian hacking of the US presidential election last year, cyber attacks are becoming part of everyday life.

David Matthews, EMEA security industry director at security company Unisys, said this incident shows that no organisation is immune to attacks.

“The latest ransomware attack – Petrwrap or Petya, is evidence of the vigilance necessary to safeguard our information, critical systems, and financial data. While confined to Europe, at this stage, it may be the start of a wider and more comprehensive threat vector, sparking requests to ensure that companies keep sufficient data back-up and use effective security controls as well as ensure software is patched effectively.

“This fast-spreading infection has highlighted the limitations of the perimeter security model: when attackers penetrate a vulnerable device they use that to move laterally within the enterprise. This recent attack proves that no organisation is immune to cyber-attacks, and further outlines the need for organisations to adopt defence and in-depth policies that allow breach detection and action to take place much quicker, protecting both sensitive data and business reputation.”

Farral added:

“The exact measures organisations can implement to mitigate risk depends on the kind of system being protected but there are fundamental actions such as backing up data in the Cloud and on an external hard drive, updating system and patch vulnerabilities, and ensuring everyone is watching where they click.”

This is a breaking news story and will be updated when more information is available