WannaCry All Over Again? European Servers Hit By Massive Ransomware Attack

Image courtesy of frankieleon

In an attack reminiscent of WannaCry — the ransomware that held servers around the world hostage in May — web servers across Europe have reportedly been hit by another strain of rapidly spreading malware.

How bad is it? Pretty darn bad: Reuters reports that computers at Rosneft, Russia’s biggest oil company, and some of the country’s banks have been compromised, while Ukraine’s international airports, power grid and banking system have also reportedly been impacted.

Among the other victims: Food conglomerate Mondelez, Danish shipping company A.P. Moller-Maersk, and German logistics company Deutsche Post, among others. (Reuters has a running list of victims here).

According to The Telegraph, the Chernobyl nuclear power plant has also had to shut down computers after the virus infected its network.

The attack appears to unfold like other ransomware exploits: Channel 24 in Ukraine says its computers were blocked, followed by a demand for $300 worth of Bitcoin to restore access to the company’s files.

“If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service,” the message said.

WannaCry All Over Again?

Researchers from various cyber security firms seem to agree that the ranswomare is a strain of a virus called Petya, which, like WannaCry, exploits a known vulnerability in Windows known as EternalBlue — an exploit that allegedly came from the NSA and was made public in a data dump from a hack a few weeks back.

“There have been indications of late that Petya is in circulation again, exploiting the SMB (Server Message Block) vulnerability,” the Swiss Reporting and Analysis Centre for Information Assurance (MELANI) said.

The strain was first spotted in March, notes Kaspersky Lab’s Costin Raiu on Twitter, adding that it’s spreading fast and a number of payments have been made to the Bitcoin wallet associated with the ransomware.

“It’s like WannaCry all over again,” F-Secure Chief Research Officer Mikko Hypponen told Reuters, noting that so far nothing is stopping the virus. “This could hit the U.S.A. pretty bad,” he said.

“With the severity of this attack and the degree to which the virus has already spread on an international scale across major business and infrastructure, it is now almost impossible to stop it from spreading further,” Robert Edwards, a barrister and cybercrime specialist at St. John’s Buildings told The Telegraph, adding that the fallout will likely be severe, “and raises serious questions about the security of devices and the ease in which hackers are able to commit such attacks.”

Update: Petya has apparently jumped across the Atlantic to our shores, as law firm DLA Piper has confirmed it’s suffering some technical difficulties.

The company is warning employees to keep their computers turned off, and remove all laptops from their docks: