This is an URGENT breaking news story: A new, utterly massive cyber-attack is underway in Europe and spreading incredibly fast worldwide. The attack is shutting down: Banks, Power grids, Postal and other government systems, Media, Airports, Cell phone providers and now PORTS, with Rotterdam crippled!
At first the attack seemed to target the country of Ukraine, but it spread far beyond its borders very quickly. As of 11:15 AM EDT, Maersk and other Rotterdam Harbor terminals are hacked, bringing port operations and shipping to an absolute HALT.
Banks, companies & airports hit by massive hack attack, computers offline.
Reports of "petya ransomware" spreading through Ukraine, India, Spain and UK
Russia, France – confirmed reports about #Petya ransomware outbreak
New ransomware seems a variant on Petya.A. Ukraine, Russia, Spain, Dutch container terminal Maersk infections reported.
Russian state-run Rosneft oil company under 'major' cyberattack
There are early signs of a new ransomware outbreak, currently affecting a large number of countries across the globe, such as the UK, Ukraine, India, the Netherlands, Spain, Denmark, and others.
At the time of writing, the ransomware outbreak is smaller than WannaCry, but the volume is "considerable," according to Costin Raiu, Kaspersky Labs researcher, and MalwareHunter, an independent security researcher.
The main culprit behind this attack is a new version of Petya, a ransomware that encrypts the MFT (Master File Table) of NTFS partitions and overwrites the MBR (Master Boot Record) with a custom bootloader that shows a ransom note and prevents victims from booting their computer.
This makes Petya more dangerous and intrusive than other strains: it reboots systems and prevents them from working altogether.
According to a technical analysis of this new Petya strain, its author appears to have taken inspiration from last month's WannaCry outbreak, and added a similar SMB worm based on the NSA's ETERNALBLUE exploit [Source: 1, 2, 3].
Unlike WannaCry, Petya is also spread via email spam in the form of booby-trapped Office documents. These documents will download and run the Petya installer, which then executes the SMB worm and spreads to new computers.
Currently, there are multiple reports from several countries about the ransomware's impact. The most affected country seems to be Ukraine, where government agencies have reported "cyber-attacks" caused by a mysterious virus that affected the country's largest banks, airports, and utility providers. Rozenko Pavlo, one of Ukraine's deputy prime ministers, posted a photo on Twitter of a government PC locked by this new Petya variant.
Ransomware incidents have also been reported in other countries, such as the Netherlands, where Danish-based container transportation giant Maersk was forced to shut down some operations in Rotterdam. Maersk later confirmed the attacks on its website.
Similarly, in Spain, local media is reporting ransomware attacks at a large number of companies that include food conglomerate Mondelez and law firm giant DLA Piper.
Russian oil giant Rosneft also admitted to cyber-incidents on Twitter but didn't clarify further.
So far, the Petya authors have already pocketed seven ransom payments of 0.87 Bitcoin, worth nearly $2,000. This is quite a considerable sum, knowing that WannaCry took almost a full day to earn that much. This version of Petya is asking $300 in Bitcoin for each infected computer.
Developing story. More details will follow.
UPDATE 11:29 AM EDT —
DLA Piper, Mondelez, Maersk, Merck under ransomware attack in Spain too.
New Petrwrap/Petya ransomware has a fake Microsoft digital signature appended. Copied from Sysinternals Utils.
Ransomware reached the screens of Mindshare Tokyo around 9pm Japan Standard Time.
Danish shipping and energy company Maersk reported a cyber attack, noting on its website: "We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack." And Russian oil industry giant Rosneft said it was facing a "powerful hacker attack." Neither said what kind of attack they were under.
UPDATE 1:21 PM EDT —
The ransomware attack has reached the USA: Merck confirms it has been hit.
Merck & Co., the global pharmaceutical firm with extensive operations in the Philadelphia area, said this morning its computer networks had been the target of a massive hack.
“We confirm our company’s computer network was compromised today as part of global hack,” the statement said. “Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more”
An internal Merck communication warned employees that the company was the target of a ransomware attack on its computer systems and advised them to disconnect their computers from the network.
Employees also were asked to disconnect all mobile devices from the network and advised not to interact with the media or to post messages to social media accounts.
“The company is currently experiencing a hostile ransomware attack on its network systems,” the internal communication said. “While IT risk management and global security respond to this threat please remain calm.”
The company confirmed the hack by late morning with a statement on its Twitter account.
One source said that computers crashed at company facilities in Pennsylvania and New Jersey around 8 a.m.
UPDATE 5:05 PM EDT —
Users whose computers become infected are getting a cyber ransom screen that looks like this:
The attack is actually “an improved and more lethal version of last month's WannaCry,” according to Matthieu Suiche, a security researcher who helped contain the spread of the WannaCry ransomware last month when he created a so-called kill switch that stopped the attacks from spreading.
Over just the past seven days, Mr. Suiche noted that WannaCry had attempted to hit an additional 80,000 organizations, but was prevented from executing attack code because of the kill switch.
On Tuesday, Mr. Suiche said there was no kill switch for the Petya attacks.
The Petya attacks could be worse than WannaCry, said Chris Hinkley, a researcher at Armor, the security firm, because these attacks encrypt and lock entire hard drives, while the earlier ransomware attacks locked only individual files. (source)
Massive cyberattack hits Ukraine, Europe
A massive cyberattack is spreading through Europe, affecting computer systems of government institutions, banks, airports and businesses. Ukraine was hit particularly hard, with officials calling this the worst such attack in the country's history. Cybersecurity expert Chris Hadnagy, the CEO of Social-Engineer Inc., joins CBSN with more.