Businesses across Europe have been hit with a unique ransomware attack that is believed to have started in Ukraine and since spread to several countries including the United States, according to multiple news reports.
So far Ukraine has, so far, been hit the hardest with the ransomware virus, which paralyzes computer systems and restricts file access until victims pay a ransom.
The malware has been identified as Petya, ExPetr, or Petrwrap and isn’t a run-of-the-mill ransomware. It was designed a “wiper” meant to destroy data even if a ransom was paid and is one of the many cyberweapons hackers stole from the NSA earlier this year.
Ukraine’s metro system, telecommunications company Ukrtelecom, government agencies, and Boryspil Airport are all reporting compromised computer systems. The state’s power distributor Ukrenergo also said its IT system was affected but said the attack didn’t disrupt power or operations, Reuters reported.
But the attack has also disrupted operations at other companies, including major British ad agency WPP, French construction materials manufacturer Saint Gobain, Russian steel and oil mining companies Evraz and Rosneft, and Danish shipping company Maersk. The global U.S. law firm DLA Piper also reported downed phones and computer systems, the Verge reported.
The Petya attack comes just over a month after the devastating WannaCry attack that affected computer systems in more that 150 countries and more than 200,000 computers. The Department of Homeland Security has blamed North Korea as responsible for the attack, the New York Times reported.
Ransomware attacks have been on the rise in recent years, predominantly affecting the United States. In 2016, 2.5 million people were ransomware victims with the number of attacks set to more than double in 2017, according to a report released by cybersecurity firm Kaspersky Lab. In the first quarter of this year, 218,625 ransomware files were detected — a 250 percent increase from the 61,832 files detected in Q1 of 2016.
And the trend is likely to continue because the attacks carry relatively low risk and have very high payoffs. May’s WannaCry attack started with the U.K.’s National Health Service and spread worldwide through a Microsoft security vulnerability. The hackers were able to exploit this vulnerability and collected $100,000 worth of Bitcoin to release victims’ data, Newsweek reported. Other smaller attacks have generated similar returns.
Petya first appeared in early 2016 but the version used this week is a bit different in that it was a wiper masked as ransomware. Even if ransom payments were made, the action wouldn’t trigger decryption to release the documents — only random data, according to a Kaspersky Lab analysis. Once infected, a computer’s files were irrevocably destroyed, which likely means the malware “attack was not financially motivated, but destructive,” cyber analysts Anton Ivanov, Orkhan Mamedov wrote in a Wednesday blog post discussing the attack.
A Ukrainian government analysis found the attack was likely initiated by another government. The Ukrainian government has previously blamed Russia for cyberattacks in 2015 and 2016.
If true, that could mean state-sponsored hackers are increasing the damage done via cyberattacks, moving away from targeting individuals for pure financial gain to homing in on businesses and government infrastructures, which could significantly impact a country’s economy in the longer term.
This story has been significantly updated to reflect new information about a developing story. Changes include reclassifying Petya as wiper malware that masqueraded as ransomware. Information was also added regarding Ukraine’s suspicion the attack was state sponsored.