Another global ransomware attack: Petya or NotPetya?

by Alice Woods - -

New ransomware hits businesses, governmental institutions, and infrastructure

NotPetya ransomware attack

Just a few weeks after the massive WannaCry attack, a new ransomware hit companies and industries in Europe and the United States. Ukraine suffered from this cyber attack the most. Kiev’s airport, oil and electricity facilities, communication, media, transportation and other institution’s networks were compromised and disturbed regular work.

On Tuesday, about 2,000 attacks were reported in in Russia, Poland, France, Italy, Germany, the United Kingdom and the United States.[1] The ransomware locked affected computers’ screens and delivered a ransom note written in English asking to pay $300 for data recovery.

At first, it was assumed that malware is a new variant of Petya ransomware (also known as GoldenEye or PetrWrap) that was first discovered in 2016. However, it’s a brand new malware that used parts of Petya’s code. For this reason, malware is called NotPetya, SortaPetya or Petna.

It’s already known that ransomware used the same exploit as WannaCry. However, hackers applied an advanced strategy that allowed attacking patched operating system. They used two methods to target network’s administrator tools.[2]

Massive cyber attack hit Ukraine the most

NotPetya ransomware caused chaos in Ukraine. According to reports, malware hit banks, postal services, critical infrastructures, power grid, media, Kiev airport, metro, and governmental institutions. [3]

Due to the attack, many flights were delayed in Kiev airport. Meanwhile, people were unable to use credit cards in the metro.

However, cyber criminals caused more problems to critical infrastructures – Ukraine’s National Power Company Ukrenergo and Kiev energy generating company Kyivenergo. While Ukrenergo claims that the attack hasn’t caused huge damage and the situation is stable; Kyivenergo had to shut down all computers.[4]

The attack hit government organization that manages Chernobyl exclusion zone. The company had to turn off all computers running Windows OS. As a result, radiation monitoring services had to be switched to manual.

It’s not the firs cyber attack in Ukraine. Various institutions and organizations have already suffered from attacks earlier this year, in 2016 and 2015. The latter cyber attack also aimed at power grid and part of Ukraine were left without electricity. Nevertheless, Ukraine blamed Russia for cyber attacks; Russia did not accept the responsibility.[5]

Who is responsible for current cyber attacks is still unknown.

NotPetya goes global

The recent ransomware also attacked Russia, Poland, France, Italy, Germany, the United Kingdom and the United States. Nevertheless, NotPetya aimed at companies and infrastructures; the scale of the damage cannot be compared to Ukraine’s.

The list of currently known affected businesses world-widely:

  • Danish shipping and transportation company AP Maersk;
  • British law firm DLA Piper;
  • British advertising and marketing agency WPP;
  • U.S. pharmaceuticals company’s Merck Ireland offices;
  • Russian oil company Rosneft;
  • Russian steel firm Evras;
  • French construction materials company Saint-Gobain;
  • Hospitals and care facilities in Pittsburgh and Pennsylvania.
About the author
Alice Woods
Alice Woods - Likes to teach users about virus prevention

Alice Woods is the News Editor at 2-spyware. She has been sharing her knowledge and research data with 2spyware readers since 2014.

Contact Alice Woods
About the company Esolutions

References
Read in other languages
Files
Software
Compare
Anti-spyware Comparison Compare spyware removers