lock people out, asking for a payment to return access of the personal files stored on the affected hardware.
This new ransomware attack is being called “Petya”, although it is very similar to WannaCry it has not yet been confirmed that the same group of hackers have released it. Despite the fact that it hasn’t affected as many computers as its predecessor in May, this could change as security experts are having trouble finding a kill switch, dispelling hopes for a quick fix.
On Wednesday June 28th the attack managed to spread to Asia and Australia but only in multinational companies that have branches in the affected European countries. A port in India was hit, owned by the Danish shipping company AP-Moller Maesk along with a Cadbury plant in Australia owned by US food group, Mondelez.
Experts believe Petya has managed to spread using an exploit called EternalBlue - developed by the US National Security Agency (NSA), leaked in 2014 by a hacker group called Shadow Brokers. Earlier this year, Microsoft released patches to protect from the EternalBlue exploit, but because many companies cannot afford downtime on their computers to update and install the patch, the effect of these cyber-attacks has been severe.
The motive behind this cyber-attack remains unclear, although Oleksandr Turchynov – Ukraine’s National Security Chief speculates an attack to cause mayhem in Ukraine. The rapid spread of the attack has affected Ukraine the most, but if Turchynov’s speculations are true, the plan backfired as the ransomware spread out globally to a further 60+ countries.
Researchers worry that WannaCry was simply an experiment to see how much damage a cyber-attack of such scale could cause, as the kill switch was relatively easy to find. If Petya is an improved version, it could be the beginning of a much bigger attack.
+44 (0)20 7158 0001