A massive ransomware attack – dubbed Petya – is causing havoc at airports, banks and many other institutions across Europe.
It remains unclear who is behind the attack, but Moscow-based security firm Group-IB told Reuters it appears to be a coordinated effort simultaneously targeting victims in Russia and Ukraine. The exact extent of the raid is yet to be determined, but some speculate it could be bigger than WannaCry.
While the attack seems to be more widely spread in Russia and Ukraine, it is also affecting companies in Denmark, Spain and the US.
So far several companies have reported experiencing issues, including Copenhagen-based shipping giant A.P. Moller-Maersk and Russia’s top oil producer Rosneft:
We can confirm that Maersk IT systems are down across multiple sites and business units. We are currently assessing the situation.
— Maersk (@Maersk) June 27, 2017
A massive hacker attack has hit the servers of the Company. We hope it has no relation to the ongoing court procedures.
— Rosneft (@RosneftEN) June 27, 2017
Global ransomware attack. #Petya
Harbour terminals
Airports
Electricity grids
Banks
Factory's
Offices
Insurance company's
Military
Etc pic.twitter.com/EvfDctWfkK— Ntisec #NeoSlave (@ntisec) June 27, 2017
Director of Boryspyl Airport in Ukraine, Yevhen Dykhne, has since released a statement claiming that, “[i]n connection with the irregular situation, some flight delays are possible.”
“We kindly urge you to be understanding, keep calm,” he added. “Current information about the departure times can be found on the scoreboard in terminal.”
Внимание! Уважаемые коллеги/журналисты/пассажиры. Сегодня в аэропорту и в нескольких крупных предприятиях государственно…
Posted by Євгеній Дихне on Tuesday, June 27, 2017
According to chatter in the Twitterverse, the attackers are seeking a ransom fee of $300 worth of Bitcoin from individuals, accompanied by a short message asking victims to send funds to a certain Bitcoin wallet ID in order to receive their installation key.
You can follow all transactions made to the attacker’s wallet ID by following this link, or check out the Twitter bot someone made to keep track of it. So far there has been about eight payments made, equaling to a little over 1 BTC (about $2,300).
F-Secure star researcher Mikko Hypponen has compiled a list of some of the files that Petya takes hostage.
The list includes popular formats like *.pdf, *.pptx, *.ppt, *.ova, *.php and many more. For the full list, check the tweet below:
Petya encrypts the following file types, demands a $300 ransom in Bitcoin. pic.twitter.com/9a3S2fwDtR
— Mikko Hypponen (@mikko) June 27, 2017
Update 11:35 am CST: Petya seems to be spreading as far as ATMs and supermarkets.
Petya on an ATM. Photo by REUTERS.https://t.co/fDQ0nGyQc6 pic.twitter.com/gT2xQP9wAo
— Mikko Hypponen (@mikko) June 27, 2017
Even Chernobyl has been effected by the attack. Our advice: stay away until this is fixed.
Chornobyl nuclear power plant has switched to manual radiation monitoring of site b/c cyberattack, says Exclusion Zone agency press service.
— Christopher Miller (@ChristopherJM) June 27, 2017
Global law firm DLA Piper resorted to non-digital means of spreading the news after it was hit by the attack:
A tipster sends along this photo taken outside DLA Piper's D.C. office around 10am. #Petya pic.twitter.com/HWS4UFlvQR
— Eric Geller (@ericgeller) June 27, 2017
Update 1:22 pm CST: Posteo, the email service used by the attackers, has blocked the account. It urges people effected not to pay the ransom, as the attackers no longer have access to the email address and even paying means you might not get your files back, at least not at the moment.
Update 7:22 AM CST, June 28: Cybersecurity researcher Amit Serper has discovered a nifty trick to vaccinate your system against Petya (or however you wish to call it.
100% certainty! Create a file called perfc with no extension in %windir%. And now I celebrate with friends! pic.twitter.com/JB03xab2BZ
— Amit Serper (@0xAmit) June 27, 2017
Catalin Cimpanu from Bleeping Computer has explained in more detail what steps you need to take to prevent Petya from infecting your computer here.
Get the TNW newsletter
Get the most important tech news in your inbox each week.