Petya ransomware strikes American and European companies

Victims of a powerful ransomware cyber attack that has spread across the United States and Europe can no longer unlock their computers, even if they pay the amount demanded.

The Petya virus caused serious disruption at large companies, including the advertising giant WPP, the French building materials company Saint-Gobain and the Russian steel and oil corporations Evraz and Rosneft.

On infected computers, a message appears demanding a ransom of $300 in bitcoins. Those who pay are told to send confirmation of the payment to a specified email address. But it turns out that the address has been blocked by the provider.

“We will not tolerate our platform being used for mercenary purposes,” said the email service provider Posteo.

This means that people who choose to pay the ransom to get the key to unlock their computers will not be able to get in touch with the hackers.

“The blackmailer is an inexperienced operator,” said Ryan Kalember, senior vice president of the cybersecurity company Proofpoint.

The first attack took place in Ukraine, where it affected the government, banks, the state electricity company, Kiev airport and the metro. The radiation monitoring system at Chernobyl was disconnected from the Internet, so employees had to use portable radiation counters to measure radiation levels in the exclusion zone of the former nuclear power plant.

The food giant Mondelez, the law firm DLA Piper, the Danish maritime transport company AP Moller-Maersk and Heritage Valley Health System, which operates hospitals and medical institutions in Pittsburgh, also reported that the malware had damaged their systems.

WPP said in a statement that computer systems in several of its subsidiaries had been damaged, and that it was “assessing the situation and taking appropriate measures.”

In an internal circular to its staff, the company announced that it had become the target of “a powerful global attack using malware that has damaged all Windows servers, personal computers and laptops”. It warned employees to unplug and disconnect all machines running Windows.

Some information technology experts say the attack is consistent with an “updated version” of the Petya or Petrwrap virus. It is ransomware that locks computer files and forces the user to pay a specified amount to unlock them.

But analysts at the cyber security firm Kaspersky Lab say the infections were caused by a new ransomware virus that they had not seen before. The NotPetya virus hit 2,000 users in Russia, Ukraine, Poland, France, Italy, Britain, Germany and the United States, Kaspersky Lab said.

Kaspersky Lab analysts say the new attacks are not a variant of #ransomware Petya as publicly reported, but a new ransomware they call NotPetya! pic.twitter.com/zLwKNOR2VL

— Anis (@0xUID) 27 Jun 2017

Last month saw an attack with the WannaCry, or WannaCrypt, ransomware, which infected more than 230,000 computers in 150 countries. The worst affected were Britain's National Health Service, the Spanish phone company Telefónica and Germany's state railways.

Experts from the cyber security firm Symantec confirmed that the ransomware in the most recent attack used the same malicious code for exploiting software vulnerabilities as WannaCry.

This code, called EternalBlue, was made public in April by the hacker group Shadow Brokers. It is believed to have been developed by the US National Security Agency.

To spread inside companies that have installed the patch protecting against WannaCry, Petya uses other methods that target network administration tools.

It is unclear how the computers were infected with the malware, but according to Kalember, it is unlikely this was done via email.

On Tuesday, pictures of infected computers appeared on social networks showing the message: “Your files are unavailable because they are encrypted”. It is followed by a demand to pay a ransom of $300 in bitcoins.

New #ransomware spreading through SMB… Its #rebooting OS and encrypting files. Any idea which one it is? pic.twitter.com/DaEyqIKBvH

— Ankit singh (@ankit5934) 27 Jun 2017

The attack affected all of Maersk's divisions, including container transportation, port authorities, towing services, oil and gas, drilling, oil tankers, and 17 container terminals.

“We can confirm that, due to a cyber attack, Maersk's information technology systems have gone down at many sites and in many divisions,” the Danish firm said on Twitter. “We continue to assess the situation.”

The failures in Ukraine come after a series of hacker attacks on government websites carried out in late 2016, as well as a number of attacks on the national power grid, which led the security chief to demand stronger cyber security measures.

Prime Minister Vladimir Groisman said the attack was unprecedented, but that vital systems were not affected. “Our information technology experts are doing their job and protecting critical infrastructure,” he said. “The attack will be repelled, and the criminals will be hunted down.”

In an attempt to calm a public alarmed by the attack, which temporarily closed the country's main airport and left passengers unable to use the Kiev metro, the authorities tweeted a picture of a dog peacefully drinking tea in a burning room.

Some of our gov agencies, private firms were hit by a virus. No need to panic, we’re putting utmost efforts to tackle the issue pic.twitter.com/RsDnwZD5Oj

— Ukraine / Ukraïna (@Ukraine) 27 June 2017.

Earlier, Deputy Prime Minister Pavlo Rozenko tweeted a picture of a computer screen and said the government's computer system was locked. The state company Ukrenergo reported that its network had been attacked, but the electricity supply was not interrupted.

According to a statement from the central bank, the latest attack was carried out with an “unknown virus”. “As a result of these attacks, these banks are facing difficulties with customer service and banking operations,” the statement said.

Ukraine has blamed Russia for previous cyber attacks. One such attack was carried out at the end of 2015 against the electricity grid, leaving part of western Ukraine without electricity. Russia has denied allegations of its involvement in cyber attacks against Ukraine.

Nicolas Duvinage, who heads the French army's division for combating digital crime, told Agence France-Presse that the attack “is a bit like the winter flu epidemic”. He added: “In the coming months we will have many such virus attacks”.

The fight against cyber attacks is intensifying, and spending on cyber defence is rising around the world. The global cyber security market is now estimated at about 49 billion pounds, 30 times more than 10 years ago.
