The following is an excerpt from an article written by Russel Brandom at Verge:
“A major ransomware attack has brought businesses to a close throughout Europe, in an infection reminiscent of last month’s WannaCry attack. The most severe damage is being reported by Ukrainian businesses, with systems compromised at Ukraine’s central bank, state telecom, municipal metro, and Kiev’s Boryspil Airport. Systems were also compromised at Ukraine’s Ukrenego electricity supplier, although a spokesperson said the power supply was unaffected by the attack.
The attack has even affected operations at the Chernobyl nuclear power plant, which has switched to manual radiation monitoring as a result of the attack. Infections have also been reported in more isolated devices like point-of-sale terminals and ATMs.
The virus has also spread internationally. The Danish shipping company Maersk has also reported systems down across multiple sites, including the company’s Russian logistics arm Damco. The virus also reached servers for the Russian oil company Rosneft, although it’s unclear how much damage was incurred. There have also been several recorded cases in the United States, including the pharmaceutical company Merck, a Pittsburgh-area hospital, and the US offices of law firm DLA Piper.
Early reports from a Kaspersky researcher identified the virus as a variant of the Petya ransomware, although the company later clarified that the virus is an entirely new strain of ransomware, which it dubbed “NotPetya.” Kaspersky telemetry indicated that at least 2,000 users had been attacked by the virus as of this afternoon.
Two separate firms have reported the new ransomware employs the same EternalBlue exploit used by WannaCry, allowing it to spread quickly between infected systems. Published by the Shadow Brokers in April, EternalBlue targets Windows’ SMB file-sharing system and is believed to have been developed by the NSA. Microsoft has since patched the underlying vulnerability for all versions of Windows, but many users remain vulnerable, and a string of malware variants have employed the exploit to deliver ransomware or mine cryptocurrency.
Reached by The Verge, Microsoft said it was continuing to investigate the attack. “Our initial analysis found that the ransomware uses multiple techniques to spread, including one which was addressed by a security update previously provided for all platforms from Windows XP to Windows 10 (MS17-010),” a spokesperson said in a statement. “As ransomware also typically spreads via email, customers should exercise caution when opening unknown files. We are continuing to investigate and will take appropriate action to protect customers.”