A massive ransomware attack – dubbed Petya – is causing havoc at airports, banks and many other institutions across Europe.
It remains unclear who is behind the attack, but Moscow-based security firm Group-IB told Reuters it appears to be a coordinated effort simultaneously targeting victims in Russia and Ukraine. The exact extent of the raid is yet to be determined, but some speculate it could be bigger than WannaCry.
While the attack seems to be more widely spread in Russia and Ukraine, it is also affecting companies in Denmark, Spain and the US.
So far several companies have reported experiencing issues, including Copenhagen-based shipping giant A.P. Moller-Maersk and Russia’s top oil producer Rosneft:
Director of Boryspyl Airport in Ukraine, Yevhen Dykhne, has since released a statement claiming that, “[i]n connection with the irregular situation, some flight delays are possible.”
“We kindly urge you to be understanding, keep calm,” he added. “Current information about the departure times can be found on the scoreboard in terminal.”
Attention! Dear colleagues/journalists/passengers. Today at the airport and at several large enterprises of the state…
Posted by Євгеній Дихне on Tuesday, June 27, 2017
According to chatter in the Twitterverse, the attackers are seeking a ransom fee of $300 worth of Bitcoin from individuals, accompanied by a short message asking victims to send funds to a certain Bitcoin wallet ID in order to receive their installation key.
You can follow all transactions made to the attacker’s wallet ID by following this link, or check out the Twitter bot someone made to keep track of it. So far there have been about eight payments made, totaling a little over 1 BTC (about $2,300).
F-Secure star researcher Mikko Hypponen has compiled a list of some of the files that Petya takes hostage.
The list includes popular formats like *.pdf, *.pptx, *.ppt, *.ova, *.php and many more. For the full list, check the tweet below:
Update 11:35 am CST: Petya seems to be spreading as far as ATMs and supermarkets.
Even Chernobyl has been affected by the attack. Our advice: stay away until this is fixed.
Global law firm DLA Piper resorted to non-digital means of spreading the news after it was hit by the attack:
Update 1:22 pm CST: Posteo, the email service used by the attackers, has blocked the account. It urges affected people not to pay the ransom, as the attackers no longer have access to the email address and even paying means you might not get your files back, at least not at the moment.
Update 7:22 AM CST, June 28: Cybersecurity researcher Amit Serper has discovered a nifty trick to vaccinate your system against Petya (or however you wish to call it).
Catalin Cimpanu from Bleeping Computer has explained in more detail what steps you need to take to prevent Petya from infecting your computer here.