New ransomware attacks now under way in Europe.
At this point, it’s not entirely clear if this is an updated version of WannaCry or not, but security company originally posted that there’s evidence this is a variant of the Petya ransomware. In a recent update, Kaspersky says it believes this is a new form of malware, with the company revealing that 2,000 computers have been attacked only this afternoon.
Windows PCs in Europe seem to be the most affected by the new virus, and Ukraine appears to be one particular target, which raises questions as to the source of these attacks. Security experts believe that Russian hackers might be involved, as the power grid in Ukraine and other utility state companies have previously been attacked by Russia as well.
Ukraine’s central bank, the Kiev Boryspil Airport, Ukrenego electricity supplier, municipal metro, and state telecom have already been attacked by the new virus. A particular worrying infection is happening at the Chernobyl nuclear plant, where all Windows computers have already been shut down, with local engineers switching to manual systems for measuring radiation.
United States under attack as well
While the attacks are mainly aimed at Ukraine’s computers, there are also reports of infections in some other countries, including in the United States, though these are just isolated cases for the time being. A hospital in Pittsburgh has reportedly been compromised, though a confirmation is not yet available.
There are also reports that Russian companies might have been hit by the same virus as well, which raises questions regarding Russia’s involvement in the attack. Russian oil company Rosneft is reportedly struggling to block the ransomware as we speak.
Several major businesses in Spain and in the United Kingdom have also been knocked offline after their computers got infected with the new virus.
At the time of writing this article, security experts talk about nearly 20 transactions made to the virus authors, which accounts for nearly $4,900 in ransom paid for the decryption key. Just like WannaCry, the virus encrypts files and requires victim to pay $300 in Bitcoin to obtain the key.
It’s not clear whether the ransomware is based on an exploit that’s not yet patched in Windows, but we’ve reached out to Microsoft to ask for more information. There are signs that the virus might use another vulnerability stolen from the NSA, though a confirmation in this regard is not yet available.