Several multinational companies said they were targeted, including U.S. pharmaceutical giant Merck, Russian state oil giant Rosneft, British advertising giant WPP and the French industrial group Saint-Gobain.
Russian steelmaker Evraz said its information systems had been hit by a cyber attack but its output was not affected. Petya hit businesses worldwide, having for several hours disrupted the functioning of banking and energy enterprises in the US, Australia, Russia and France, bringing cybersecurity concerns into the spotlight.
But once it infects a computer on a network, it spreads quickly, even among computers that have applied security for the NSA exploit.
A new wave of ransomware attacks swept the world on Tuesday, starting with Ukraine and spreading to other regions of the world.
Cadbury owner Mondelez International Inc (MDLZ.O) said in a statement overnight staff in various regions were experiencing technical problems but it was unclear whether this was due to a cyber attack.
Cyber security experts at Kaspersky Lab, however, released a conflicting report that said the ransomware was not related to Petya but was, in fact, a new program they called ‘NotPetya.’ According to them, the ransomware appears to employ a forged Microsoft digital signature that exploits a Microsoft Office vulnerability that security firm FireEye discovered in April.
Before starting with the Petya ransomware attack, let’s us first know what a ransomware actually means.
“It’s a billion-dollar business and the more customers they have, the more advanced the future ransomware attacks will be”.
The Petya attack began in the Ukraine earlier today, where there are reports of the postal service, a telco and other organisations being hit. In Europe, shipping and transport firm AP Moller-Maersk from Denmark and Heritage Valley Health System from Pittsburgh caught the virus, too – all of them received ransom note includes the same Bitcoin payment address.
The latest virus comes just weeks after ransomware – the name given to programmes that hold data hostage by scrambling it until a payment is made – downed systems across the globe, including the NHS in the UK.
NotPetya is said to be more risky and intrusive than WannaCry, which subsided after a kill switch was accidentally applied in May.
Russia’s Rosneft, one of the world’s biggest crude producers by volume, said on Tuesday its systems had suffered “serious consequences” but said oil production had not been affected because it switched over to backup systems. “Those machines that have these ports open are then attacked with one of the methods described above”. Sea Containers, the London building that houses WPP and agencies including Ogilvy & Mather, had been shut down, another person said. “The building has come to a standstill”, the employee said.
The initial infection can be traced to tax accounting software from a Ukrainian company called M.E.Doc, Microsoft says. “Nobody can recover your files without our decryption service”.
GovTech said it has also put in place measures which minimise the likelihood of government systems being infected by malware, including ransomware. One consumer lender, Home Credit, had to suspend client operations.