Another major ransomware outbreak has taken place today, with a number of major institutions affected in Ukraine. The government, an energy supplier and a bank have all been hit in the latest incident.
The ransomware, which is from the Petya family, comes after WannaCry had a major impact around the globe last month.
Significantly, the latest ransomware outbreak has been possible due to the EternalBlue exploit, according to Mikko Hypponen of Finnish security specialist F-Secure. This is important as EternalBlue was also the exploit used by WannaCry.
Claims that Petya takes advantage of EternalBlue will increase focus on the National Security Agency of the United States. It has been reported that the NSA was responsible for the creation of EternalBlue.
Petya requests payment in the form of bitcoins, and it appears that – as with WannaCry – it was likely created for financial gain. But that in itself raises questions over the level of devastation that could be caused should an attacker deliberately target a country, with the sole aim of causing widespread damage.
In Ukraine, vital government and banking infrastructure were debilitated. The wide array of victims of the attack included state power distributer Ukrenergo and Boryspil International Airport.
Both WannaCry and Petya were designed to spread quickly. The speed of infection can make the effects of this type of malware particularly troublesome, as many essential infrastructure providers can find themselves dealing with an attack at the same time.
When a large amount of critical infrastructure becomes unable to function, the effects can be compounded as vital services are shutdown.
Large organisations were also affected by WannaCry, with the United Kingdom’s National Health Service disrupted by the malware.
Although Ukraine has been hit particularly hard by the Petya outbreak, the ransomware has caused problems around the world. Some of the world’s biggest companies have been affected, including AP Moller-Maersk, Rosneft, Merck and WPP.
[via Financial Times]