A large-scale ransomware cyberattack has affected computers across the USA and Europe, causing major disruption in various areas. Large firms including WPP, French construction materials company Saint-Gobain and the Russian companies Evraz and Rosneft have been strongly affected. In Ukraine, the attack compromised the government, banks, the state power utility and Kiev’s airport and metro system. Pittsburgh offices of food company Mondelez, legal firm DLA Piper and shipping and transport company AP Moller-Maersk have also been victims of the cyberattack. Infected computers display a message requesting a payment of $300 in bitcoins and instructing victims to send a confirmation of payment to an email address. The German email provider Posteo has shut down that email address, making it impossible for victims to receive a decryption key to unlock their files. Some technology experts have classed this attack as an updated version of a virus known as Petya or Petrwrap, which not only encrypts files but also overwrites and encrypts the master boot record (MBR). Analysts at Kaspersky Lab disagree. The Russian cyber security company maintains that it is a new type of ransomware not seen before. The new virus has been named “NotPetya”, as it locks computer files and demands a ransom in exchange for a decryption key, as Petya does.
In total, the cyberattack has affected 2,000 users in Russia, Poland, Ukraine, Italy, France, the UK, Germany and the USA. By contrast, last month’s WannaCry virus infected 230,000 computers in more than 150 countries. Experts at Symantec have confirmed that the current attack, like the previous one, used EternalBlue, a programme believed to have been developed by the US National Security Agency, to exploit software vulnerabilities. Nevertheless, uncertainty remains as to how the virus first infected computers. As this seems not to have happened via email, experts are evaluating whether the ransomware initially targeted the network’s administrator tools.
Ransomware is a real and serious danger to your business. Azure Internet LTD guarantees you and your clients security through Sophos Intercept X, a revolutionary endpoint protection solution with CryptoGuard technology, which eliminates ransomware upon activation and promptly recovers encrypted data. Sophos Intercept X stops all forms of ransomware, protects your business from advanced exploits, instantly removes malware and offers you a root-cause analysis identifying how the ransomware infected your systems.