Padlock made from zeroes on a background of ones

Illustration by Jason Reed

A major ransomware attack is spreading around the globe (updated)

The U.S. has blamed Russia.


Andrew Couts

Layer 8

Posted on Jun 27, 2017   Updated on May 23, 2021, 1:41 am CDT

Update 3:49pm CT, Feb. 15: The U.S. and U.K. governments accused the Russian military of orchestrating the so-called “NotPetya” ransomware attack last year.

The White House released a statement on Feb. 15, claiming the attack “was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict.” It says the malware caused “billions of dollars in damage” across Europe, Asia, and the Americas.

The statement was released just hours after the U.K.’s defense minister accused Russia of “undermining democracy,” according to the Guardian.

You can read the Trump administration’s full statement below:

In June 2017, the Russian military launched the most destructive and costly cyber-attack in history.

The attack, dubbed “NotPetya,” quickly spread worldwide, causing billions of dollars in damage across Europe, Asia, and the Americas. It was part of the Kremlin’s ongoing effort to destabilize Ukraine and demonstrates ever more clearly Russia’s involvement in the ongoing conflict. This was also a reckless and indiscriminate cyber-attack that will be met with international consequences.

A new wave of ransomware attacks is wreaking havoc around the globe, as businesses and governments find their systems held hostage by unknown attackers.

The attack appears to have primarily targeted entities in Ukraine and Russia, including the networks of Russian oil giant Rosfnet and Ukraine’s central bank, state-run power company, and its largest airport, among other entities. However, the attack appears to be quickly spreading to other organizations around the world.

“The cyber attack could lead to serious consequences, however, due to the fact that the Company has switched to a reserve control system, neither oil production nor preparation processes were stopped,” Rosfnet said in a statement.

Ukraine’s National Bank said in a statement that the cyberattack was causing banks to have “difficulties with client services and carrying out banking operations.”

On Twitter, Ukrainian Deputy Prime Minister Pavlo Rozenko said Ukraine’s Cabinet of Ministers had also been targeted.

In addition to major entities in Ukraine and Russia, the ransomware has also hit British marketing firm WPP, and Dutch shipping giant Maersk. More victims are expected as security researchers attempt to uncover how the virus is spreading.

Ransomware is a computer virus that encrypts all the files on an infected computer and requires the victim to pay to regain access to their data. A researcher for cybersecurity firm Kaspersky Lab identified this particular virus as the Petrwrap or Petya ransomware. But the firm later clarified that it is not a variant of that malware and is instead a “new ransomware that has not been seen before.”

The malware attack follows another recent scourge of ransomware known as WannaCry, which infected computers in more than 150 countries. Like WannaCry, the new malware appears to target a vulnerability in some Windows machines that were first revealed by the leak of stolen National Security Agency cyberweapons. The NSA exploit used to carry out the attack, known as EternalBlue, was leaked in April by a group going by the name Shadow Brokers.

North Korea is suspected of carrying out the WannaCry attack. It is currently too soon to tell who launched Tuesday’s attack.

In the case of the most recent ransomware attack, the malware locks down a users’ computer and demands they pay $300 in bitcoin to have their files unlocked. As the Verge reports, very little money has so far been deposited into the bitcoin wallet linked to the malware—about 1.5 bitcoins, or around $3,500, as of publication.

Clarification: Contrary to initial reports from cybersecurity experts, the malware that caused Tuesday’s attack is not a variant of the Petrwrap or Petya ransomware.

Share this article
*First Published: Jun 27, 2017, 11:51 am CDT