A major global cyberattack involving Petya ransomware is currently underway, with firms across Russia, Ukraine and Europe affected. The incident appears to be similar to the WannaCry ransomware attacks last month.
Companies confirmed as being infected with the ransomware include the Russian oil firm Rosneft, the Russian metal maker Evraz, French construction materials firm Saint-Gobain, many Russian banks, the international Boryspil airport in Ukraine, the Ukrainian government, two Ukrainian postal services, the Ukrainian aviation firm Antonov, shipping firm A.P. Moller-Maersk, legal firm DLA Piper, food manufacturer Mondelez and the advertising group WPP. Many more companies are believed to have been attacked, and the list of victims is certain to grow. Attacks are now occurring in the UK and India and may spread further afield. Ukraine’s Prime Minister Volodymyr Groysman has said the ransomware attack is unprecedented.
The attacks appear to have started Tuesday, with Russian cybersecurity firm Group-IB suggesting ransomware was installed using some of the NSA exploits published by Shadow Brokers – two of those exploits were also used to install WannaCry ransomware on organizations around the globe last month.
In contrast to WannaCry, Petya ransomware is not understood to have a kill switch. Recovery from the attack will only be possible if data backups exist and have not been encrypted in the attack or if the ransom is paid. The ransom demand is understood to be $300 per infected device.
Petya ransomware is different to many other ransomware variants as it does not encrypt files. Instead, the ransomware attacks and replaces the Master File Table (MFT). The MFT is needed by computers to determine the location of files stored on the hard drive. Without access to the MFT, files cannot be located. The files themselves are not encrypted, but since they cannot be located the end result is the same: files cannot be opened.
At this stage, the infection process is not fully understood, with some news outlets claiming the attacks are occurring via malicious email attachments, while others report they involve exploits for unaddressed vulnerabilities.
Further information will be published when it becomes available.
The post Reports Flood in on New ‘Unprecedented’ Global Ransomware Attack appeared first on HIPAA Journal.