Russian oil firm Rosneft said it had been hit by a “powerful” cyber attack. According to Group-IB, the ransomware spreads through local networks just like the WannaCry virus did. WannaCry locked up files and insisted on payment to regain access to them.
Cybersecurity researchers first said that the new ransomware appeared to be a variation of a well-known ransomware strain called Petya.
Russian security software maker Kaspersky, however, said its preliminary findings suggested the virus was not a variant of Petya but a new ransomware not seen before.
In the U.S, a hospital in western Pennsylvania said it was dealing with a “widespread” cyberattack, but didn’t immediately release further details.
The precise method by which the intruder circulates – such as by email or through a “worm” – remains unclear, specialists said. “We are investigating the issue”, spokeswoman Heidi Hauer said.
Ukrainian Prime Minister Volodymyr Groysman called the ransomware campaign “unprecedented”, but said “vital systems haven’t been affected”.
However, the radiation monitoring system at Ukraine’s Chernobyl nuclear disaster site was taken offline.
Ukraine stated that government agencies, large banks and even the airport in Kiev were struck by the attack.
Russian Federation and Ukraine were most affected by the thousands of attacks, according to security software maker Kaspersky Lab, with other victims spread across countries including Britain, France, Germany, Italy, Poland and the United States.
As a reminder, the quick proliferation of the original WannCry malware, which infected almost 300,000 computers worldwide within a day, was due entirely to its use of two powerful software exploits that were released to the public in April by the anonymous hacker group calling itself the Shadow Brokers, which said the exploits were developed by the US National Security Agency (NSA).
American pharmaceutical company Merck & Co said its computer network had been affected by the global hack.
“It’s like WannaCry all over again“, said Mikko Hypponen, chief research officer with Helsinki-based cyber security firm F-Secure.
United States pharmaceutical giant Merck, the world’s second largest such firm, confirmed on its Twitter account that its computer network was compromised on Tuesday in the global attack.
Cie de Saint-Gobain, a French manufacturer, said its systems had also been infected, though a spokeswoman declined to elaborate, and the French national railway system, the SNCF, was also affected, according to Le Parisien. It said it avoided any impact on oil production by switching to backup systems.
Banks were experiencing “difficulty in servicing customers and performing banking operations” due to the attacks, the bank said in a statement.
It also recalled a ransomware outbreak last month which hit more than 150 countries and a total of more than 200,000 victims with the WannaCry ransomware.
The blocked address may make it hard for hackers to capitalize on the digital havoc, but it may also complicate victims’ attempts to retrieve their data.
“This will undeniably affect trust in these organisations and raise questions of competency”, said Louis Rynsard, a director at the corporate communications agency SBC London.