A new cyberattack, similar to WannaCry, is spreading from Europe to the US and South America, hitting port operators in New York, Rotterdam and Argentina, disrupting government systems in Kiev, and disabling operations at companies around the world.
More than 80 companies in Russia and Ukraine were initially affected by the Petya virus, which disabled computers and told users to pay $300 in cryptocurrency to unlock them, Moscow-based cybersecurity company Group-IB said. About 2,000 users have been attacked so far, according to Kaspersky Lab analysts, with organisations in Russia and Ukraine the most affected.
Rob Wainwright, executive director at Europol, said that the agency is "urgently responding" to reports of the new cyberattack. In a separate statement, Europol said that it is in talks with "member states and key industry partners to establish the full nature of this attack at this time".
UK media company WPP’s website is down, and employees have been told to turn off their computers and not use wi-fi, according to a person familiar with the matter. Sea Containers, the London building that houses WPP and agencies including Ogilvy & Mather, has been shut down, another person said. “IT systems in several WPP companies have been affected,” the company said in an emailed statement.
Elsewhere, consumer-goods firm Reckitt Benckiser posted a news item on its website, to ‘confirm that today it has been the subject of a cyberattack, which appears to be part of a global ransomware virus attack affecting many companies and organisations’.
The company wrote, ‘We are working to contain the virus and recover our systems so as to be able to restore normal operations as soon as possible.’
Cie de Saint-Gobain, a French manufacturer, said that its systems had also been infected, although a spokeswoman declined to elaborate, and the French national railway system, the SNCF, was also affected, according to Le Parisien.
Mondeléz International, Inc. said that it was also experiencing a global IT outage and looking into the cause. Metro Group said that its operations in Ukraine had similarly been affected, and the retail group was assessing the impact.
“With there being no global kill switch for this one, we’ll continue to see the numbers rise in different parts of the world, as more vulnerable systems become more exposed,” said Beau Woods, deputy director of the Cyber Statecraft Initiative at the Atlantic Council in Washington.
“[The most vulnerable are places] where the operators are, a lot of the time, at the mercy of manufacturers and providers of those technologies, and there’s a long time between existence of a fix and implementation of a fix,” said Woods.
The strikes follow the global ransomware assault involving the WannaCry virus, which affected hundreds of thousands of computers in more than 150 countries, as extortionists demanded $300 in Bitcoin from victims. Ransomware attacks have been soaring, and the number of such incidents increased by 50% in 2016, according to Verizon Communications, Inc.
Analysts at Symantec Corp. have said that the new virus, called Petya, uses an exploit called EternalBlue to spread, much like WannaCry. EternalBlue works on vulnerabilities in Microsoft Corp.’s Windows operating system.
The new virus has a fake Microsoft digital signature appended to it, and the attack is spreading to many countries, Costin Raiu, director of the global research and analysis team at Moscow-based Kaspersky Lab, said on Twitter.
The attack has hit Ukraine particularly hard.
'[The intrusion is] the biggest in Ukraine’s history,' Anton Gerashchenko, an aide to the Interior Ministry, wrote on Facebook.
“[The goal was] the destabilisation of the economic situation and in the civic consciousness of Ukraine, [although it was] disguised as an extortion attempt,” Gerashchenko said.