After the widespread WannaCry ransomware attack earlier this year, yet another ransomware program has hit, and is spreading globally at a rapid pace. The goernment of Ukraine, its national bank, transportation services and some of its largest power companies have been affected by the massive ransomware outbreak. The source of the infection is still unknown, though some security experts are blaming a breed called Petya, while others are calling it GoldenEye.
“[We’re seeing] several thousands of infection attempts at the moment, comparable in size to WannaCry’s first hours,” Kaspersky Lab’s Costin Raiu told Forbes, who added that the infections are occurring in many countries. Another security firm BitDefender said it believed a similar strain called GoldenEye was responsible. Later, security firms such as Kaspersky and Avast said that the malware responsible was actually an entirely new ransomware that had borrowed Petya code.
BitDefender Labs observes the nature of the ransomware program, noting that unlike most ramsonware, the new GoldenEye variant has two layers of encryption, one that individually encrypts target files on the computer. and another one that encrypts NTFS structures. This approach prevents victims computers from being booted up in a live OS environment and retrieving stored information or samples. And just like Petya, GoldenEye encrypts the entire hard drive and denies the user access to the computer. However, unlike Petya there is no workaround to help victims retrieve the decryption keys from the computer. ALSO READ: Before WannaCry and Judy, these 5 malware attacks wreaked havoc globally
Additionally, after the encryption process is complete, the ransomware has a specialized routine that forcefully crashes the computer to trigger a reboot that renders the computer unusable until the $300 ransom is paid.
However, regardless of the nature of the malware, the real concern here is that the attacks are now global. Reportedly, GoldenEye or Petya operators have already received 13 payments in almost two hours. BitDefender Labs reported a Danish shipping and energy company Maersk announce a cyberattack on its website, noting, “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyberattack.” A Russian oil industry giant Rosnoft said it was facing a “powerful hacker attack.” British advertiser WPP said on Facebook it was also hit by an attack, and a law firm DLA Piper also confirmed it had been targeted by hackers. None of the companies. however, offered specifics on the nature of those hacks. ALSO READ: Indian firms in hurry to implement GST could be skipping vulnerable loopholes in IT infrastructure: Report
While companies across the world have been affected, Ukraine has been most severely affected. Other victims included major energy companies such as the state-owned Ukrenergo and Kiev’s main supplier Kyivenergo. Government officials have reportedly sent images of their infected computers, including one from deputy prime minister Pavlo Rozenko, who later said the whole government network was down. ALSO READ: India is the 8th most vulnerable country to Web Applications attacks: Akamai