A ransomware attack has hit some of the world’s largest businesses, such as WPP, Merck and AP Moller-Maersk, demanding $300 in bitcoin to unlock each encrypted machine. Infected computers have even been reported in the Ukrainian government and banking infrastructure, taking some systems temporarily offline. While the attack can be prevented with relatively straightforward precautions, stopping its spread is still a challenge.
As reported by the Financial Times, the new attack has hit devices as varied as ATMs and supermarket checkouts. Ukraine’s central bank, the Kyiv Metro and Boryspil Airport have also been hit, as well as some businesses in India and Australia.
The attack bears a striking similarity to the WannaCry attack in May, which infected over 200,000 computers in 150 countries. Reports have emerged that this most recent attack, named ‘NotPetya’ by Kaspersky researchers, has utilised the same exploit. Both programs use code known as ‘Eternal Blue’, a program security experts believe was originally stolen from the US National Security Agency (NSA). The NSA is believed to have identified the exploit, but did not publicly disclose its existence in order to make sure it would have access to it in the future. Microsoft patched the flaw in March; however, devices that have not yet been updated are still vulnerable.
While WannaCry was quickly slowed, this latest attack has proved far more challenging to stop. The BBC reported that the attack can be prevented from encrypting a machine by creating a single, read-only file in a specific location, but there is not yet a way to prevent it from spreading to other networked machines. However, unlike WannaCry, the software does not attempt to spread beyond a single network, meaning a further large-scale spread is unlikely.
Ransomware has seen a resurgence in popularity due to modern processors being fast enough to swiftly encrypt data, and bitcoin providing a secure and untraceable method to receive payment for decryption codes.