Ransomware Attack Sweeping the Globe

Another global cyber attack was activated on Tuesday, leaving companies across Europe, Australia and even the United States struggling to respond.

This outbreak may be the most sophisticated of a series of attacks initiated after hacking tools were stolen from the National Security Agency and leaked online in April. Similar to the WannaCry attacks in May, the most recent hack involves taking control of computer systems and asking users for digital ransom in order to regain access.

According to a spokesperson from Microsoft, the latest software update used to patch EternalBlue—the Windows software vulnerability that caused previous attacks—should protect against this attack. However, the companies affected may have failed to properly install it. As of Wednesday morning, the following companies had been affected:

• Ukrainian institutions that include the Infrastructure Ministry, postal service, central bank and the country’s largest telephone company
• Russian oil company Rosneft
• The world’s largest container-shipping company A.P. Moller-Maersk
• U.S. pharmaceutical giant Merck
• U.S. food company Mondelez International
• French bank BNP Paribas
• French construction materials company Saint-Gobain
• British marketing company WPP
• German railway company Deutsche Bahn

Although the perpetrators of this outbreak are still unknown, computer specialists have noticed similarities between the ransomware used in this attack and last year’s Petya attack. Like WannaCry, Petya is a quickly spreading worm that affects vulnerable systems. Unlike WannaCry, Petya has multiple ways to spread. This could explain why even victims who applied the EternalBlue patch were affected.

If the most recent attack is related to Petya, it could be far more damaging than WannaCry. Unlike WannaCry, Petya lacks a kill switch to prevent it from spreading. Also, Petya locks and encrypts entire hard drives, while WannaCry only locked individual files.

At the time of this news brief, 30 victims had paid the bitcoin ransom of $300, according to online records, but it isn’t yet clear whether they’ve regained access to their systems. Complicating matters, German email provider Poseo shut down the email account of the hackers in a move that could make it impossible for hackers to restore their victims’ computer access once ransom is paid.

Scurich Insurance will continue to monitor the situation. Contact us if you have any further questions regarding how you can avoid disruptive business interruptions from cyber attacks.