New Ransomware Hits Organizations in Three Continents

Fagjun | Published 2017-06-28 01:29

New ransomware has disrupted the operations of companies in Europe, the US, and Australia.

Just last month, the WannaCry ransomware attacked computers in over 150 countries and affected about 200,000 individuals. Now, another wave of ransomware attacks has spread throughout a number of countries.

Ransomware is a kind of malware that effectively takes a computer system's files hostage. Users won't be able to access those files unless they pay a ransom. The cybercriminals behind WannaCry demanded a ransom of $300 in the cryptocurrency Bitcoin, which users had to pay within a certain amount of time. Non-payment would mean losing access to those files, unless users backed the files up in a separate location.

What We Know so Far

A number of organizations and companies have announced that their operations have experienced issues due to the new ransomware attack. The ransomware, called Petya, is somewhat similar to WannaCry. Both ask for payment in Bitcoin, and both have targeted large companies and organizations. However, it may be that the similarities between the two strains of ransomware end there.

Petya has attacked different kinds of organizations on three continents. A Cadbury chocolate factory in Australia halted production when its parent company experienced a ransomware attack. Another Australian organization, law firm DLA Piper Ltd, may also be under attack.

Danish shipping giant Moller-Maersk has announced that the malware has affected its systems as well. Heritage Valley Health System, which runs medical facilities in Pittsburgh, has also reported issues due to the malware.

The malware has also hit Russian oil and steel firms Evraz and Rosneft. Saint-Gobain, a construction materials company in France, has also reported an attack. Australian airline Qantas, however, has said that the issues it has been experiencing are not an effect of the ransomware, but an effect of a glitch instead.

More companies and organizations may report attacks on their systems in the next few days. Then again, maybe not. Analysts have realized that though Petya and WannaCry are similar, there are some glaring distinctions.

New Ransomware or a Way to Cause Mayhem?


Though there are some obvious, if shallow, similarities, Petya seems to be somewhat different from WannaCry. Like its predecessor, Petya demands a $300 ransom in Bitcoin. However, analysts now say that the cybercriminals behind Petya may not be doing this for the money. It's possible that they're doing this to cause mayhem, not to rake in the cash.

Experts have noticed that the payment mechanism for Petya looks to be the work of amateurs. While most other ransomware creates a custom Bitcoin payment address for each victim, Petya uses just one address for all victims. Another thing that experts noticed is that the criminals behind Petya provided victims with a single email address with which to communicate. The email service provider has suspended this email address, which means that the criminals can't give victims the decryption code once victims pay the ransom. It's possible that whoever is behind the ransomware isn't looking for money, but is just looking to cause disruptions.

There have been reports that a small Ukrainian financial tech company called MeDoc is likely to be behind these new ransomware attacks. We may receive new information as more angles to the story unfold.
