Ransomware attack hits U.S. and other regions


Europe is being threatened by a fast-growing ransomware outbreak, and the infection has also reached the United States and India. The ransomware encrypts Windows files, locking the user out until a $300 ransom is paid.

The ransomware is spreading quickly, according to Dave Kennedy of TrustedSec, a security consulting firm. On Twitter, Kennedy wrote: “Spreads super fast – saw [5,000] systems hit in under 10 minutes. Restarts computer with ransom message (MBR).”


He then warned users to be mindful of the virus, writing: “World blowing up from Petya today – be careful out there! Mass infections, shuts down large infrastructure via worm fast.”

Initial reports about the virus came out of the Ukraine Tuesday. They said a massive cyber attack had been perpetrated on the government infrastructure, affecting the country’s national bank, state power company and largest airport.

In a statement Tuesday, Ukraine’s national bank warned “financial market participants” about the attack, which targeted the websites of “some Ukrainian banks, along with commercial and public enterprises.”

The statement continues:

“As a result of these cyberattacks, banks experience difficulty in servicing customers and performing banking operations. All the financial market participants have taken steps to tighten security measures to counteract these hacker attacks. The [National Bank of Ukraine] is confident that the banking infrastructure is securely protected from cyberattacks and any attempts to perform hacker attacks will be efficiently warded off. The NBU closely monitors developments and informs market participants about the cybersecurity measures taken to protect the banking system.”

Deputy Prime Minister Rozenko Pavlo of the Ukraine shared photos on Twitter of a boot screen displaying the ransomware.

In the U.S., the pharmaceutical company Merck announced its computers had been infected, as did other companies. Mikko Hypponen, chief research officer of Helsinki-based cyber security firm F-Secure, said that as America's workers turn on vulnerable machines, the virus could spread. “This could hit the U.S.A. pretty bad,” he said.

According to reports, the U.S. Department of Homeland Security is monitoring reports of cyber attacks and coordinating with countries around the world.

Meanwhile, across Europe and Asia, many companies have been affected by some kind of attack Tuesday. Among them: WPP, a major advertising company in Britain; Russia’s central bank; and A.P. Moller-Maersk, a Danish shipping company.

According to The Hill, the outbreak has been “reported to be a variant of the Petya ransomware,” but some researchers say it isn’t Petya; it’s something with a similar design. Kaspersky Lab, who originally identified the Petya family, is skeptical of the connection. In a statement, they said, “Our preliminary findings suggest that it is not a variant of Petya ransomware as publicly reported, but a new ransomware that has not been seen before. That is why we have named it NotPetya.”

Antivirus firm Bitdefender says the new virus is “almost identical” to one called GoldenEye, an “offshoot” of Petya. According to The Hill, Bitdefender and Kaspersky both “agree that the ransomware uses multiple infection mechanisms.” Bitdefender says the ransomware encrypts files and segments of the file storage system.

Hypponen, who said the virus is similar to one called “WannaCry,” called out over 60 file types that Petya ransomware encrypts, including Microsoft Office files, PDFs, compressed files and source code.

Reportedly, experts warn against paying the ransom. They say paying it may encourage future attacks of this kind.
