Here we go again.
In May, the world was afflicted by the WannaCry ransomware scheme targeting hospitals, banks, telecommunication companies, and other essential services in over 150 countries. A similar outbreak is taking place today as well.
Several media outlets are reporting that private companies in Spain, France, Ukraine, Russia, and other countries are being locked out of their corporate data and extorted for $300 worth of bitcoins in order to regain access to their vital files.
[Costin Raiu, a security researcher at Kaspersky Lab,] believes the ransomware strain is known as Petya or Petrwrap, a well-known type of ransomware. Researchers at MalwareHunterTeam, a research group focused on ransomware, told Motherboard in a Twitter direct message they believed the attack was from the same malware family as the one identified by Raiu. Like other types of ransomware, the malware seen Tuesday encrypts files on a user’s system; hackers say they will give victims the encryption key in exchange for bitcoin.
According to a tweet from anti-virus company Avira, the Petya attacks were taking advantage of the EternalBlue exploit previously leaked by the group known as The Shadow Brokers (Motherboard could not independently confirm this at the time of writing). EternalBlue is the same exploit used in the WannaCry attacks; it takes advantage of a vulnerability in the SMB data-transfer protocol, and Microsoft has since patched the issue. However, whether customers apply that patch is another matter.
Spanish outlet El Confidencial reported hackers had hit the Madrid office of DLA Piper, a global law firm. One person familiar with the attack sent Motherboard a photo of an infected computer the source said was in DLA Piper’s Washington DC office, and claimed that employees had been told to leave their workstations (neither the DC nor Madrid office immediately responded to phone calls).
Hackers also attacked a Ukrainian media company, according to a local report from 24tv, one of the company’s outlets.
The hackers who control the email account posted in the ransomware message did not immediately respond to a request for comment.
Security researchers from Kaspersky Lab reported that the ransomware hit Russia, Ukraine, Spain, and France, among others. Several people on Twitter reported witnessing or hearing reports of the outbreak in their respective countries, and across a wide range of industries. Companies around the world also reported computer outages.
Chris Sistrunk, a security researcher at Mandiant, said that it looks like there’s “another global outbreak attack.”
As we have warned in the past, these types of attacks will only become more common as time goes on. It’s time for companies to rethink their data storage strategy and look towards services like Evizone to ensure their information is protected by the strongest cybersecurity technology available on the market. Don’t wait to get hacked before acting.