On Tuesday, June 27, 2017, a new form of ransomware was found throughout Europe and is spreading globally quickly. Ukraine was one of the first countries to be hit with several government agencies, banks, power companies, and ATMs being affected as well as Ukraine’s largest airport.
The ransomware has been seen in several other countries including Spain, France, Russia, and the United States. US pharmaceutical company Merck reported their computer network had been affected by the cyber attack. The Danish shipping company, Maersk, also reported an attack, posting on Twitter “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack.” People all around the world are sharing photos of the ransomware on Twitter which shows a black screen with red writing.
Kaspersky Lab’s has been analyzing the new ransomware and has found that it is not actually a variant of Petya as people originally thought, but a new strand that has never been seen before.
The attacks appear to be similar to the WannaCry outbreak that occurred in May with one significant difference. The new ransomware, referred to as “NotPetya,” uses the same EternalBlue exploit as WannaCry but does not have the same kill-switch. There have been several reports stating that paying the ransom has not given users access to their files. Microsoft issued a patch for this exploit in March, but many people have not applied it yet.
If you have a Windows machine and have not already applied the patch issued by Microsoft in March, do it immediately. A link to the patch can be found here: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx.