Sign in

Worldwide ransomware attack is on the move

By: Lisa Marlin

June 27, 2017

A quickly spreading ransomware attack is hitting countries across the world including France, Russia, Spain, Ukraine and the United States, just weeks after a ransomware attack known as WannaCry.

Security researchers said they believe the current ransomware attack is using malicious software, or malware, based not on “Wannacry” but one another one called “Petya,” the Russian word for “Peter.” However Kaspersky Lab, a global cybersecurity company based in Russia, says it may be an entirely new piece of software.

Several private companies confirmed Tuesday, June 27, 2017, that they were hit by the attack, including American pharmaceutical giant Merck. Photographs and videos of computers affected by the attack show a message of red text on a black screen that reads: “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”

According a report in the New York Times, it is not yet known who is behind the ransomware attack. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites.

Nor is it known how much bigger the attack will get. Cybersecurity researchers say that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It also has the ability to take advantage of a single unpatched computer on a network to infect computers across a vast network, meaning that even systems that were updated after WannaCry could potentially become vulnerable again.

What can you do?

Wired reports that this latest round of ransomware appears to be here to stay. The diversity of delivery options means that no single patch can necessarily provide complete protection against it. Even so, analysts agree that while patches don’t solve everything in this situation, they are still crucially important and do offer real defense. “Very, very important to patch,” says MalwareHunter, a researcher with the MalwareHunterTeam analysis group.

At home, make sure Windows computers are installed with at least the April 2017 Windows Update security-patch bundle from Microsoft, and antivirus software should be run. Also, personal Windows machines should not be used to connect to a corporate or enterprise network using a virtual private network (VPN) because the Windows patches won’t entirely protect machines on enterprise networks, where even patched machines are being infected.

Microsoft further advised all users to exercise caution when opening files in emails from unknown sources, since malware is often spread through email attachments. 

The news is changing by the minute and we’ll do our best to post updates. In the meantime, if you have questions or concerns, contact the experts at PrivaPlan at info@privaplan.com or call 877-218-7707.