A new strain of ransomware has infected thousands of user in the US and Europe; with a disproportionate number of victims being located in Ukraine. “Petya” as it is currently being called has shades of the Wannacry malware that swept across the world and brought ransomware to the public eye.
According to a report by Kaspersky Lab, Petya uses the same EternalBlue exploit as Wannacry to infect systems. It also exploits other vulnerabilities to spread through systems that have already been patched. As a result, the ransomware has spread through Ukrainian infrastructure, food giant Mondelez, several large law firms, and has even shut down radiation monitoring equipment surrounding the Chernobyl region.
International shipping may also be facing some scheduling issues as Maersk has reported multiple infected sites. These include container shipping, port and tug boat operations, and oil tankers.
Like all ransomware, Petya demands a payment in Bitcoin; this time asking for a hefty $300 worth of the cryptocurrency. Interestingly, there is no way of paying the ransom at the moment. The German based email address provided no longer works as the service provider has banned the account. According to a report by The Guardian, the German company said that it refuses to allow its services to be used in a criminal manner.
For now, there’s no telling how much further Petya will spread. There doesn’t appear to be a killswitch like Wannacry; and researchers currently believe that the hacker responsible for the attack lacks experience.
On the other hand, the damage done to Ukrainian infrastructure may indicate Russian involvement in the matter. Ukraine had to temporarily shut down metro lines and its main airport to avoid possible accidents due to the ransomware.
Update: We have been hearing reports that some multinational companies operating in Malaysia have also been shut down by Petya. It’s unknown if the local machines are actually infected, but sounds more like a security measure to prevent the ransomware from spreading.