Massive new ransomware attack making its way around the globe

Bitcoin (Image credit: Shutterstock)

Just a month after the massive WannaCry ransomware attack hit computers around the world, it appears another attack is underway across Europe and around the globe. As reported by The Verge, Ukraine appears to be the hardest hit for the moment, with its central bank, Kiev metro, Boryspil airport, and a major power supplier all being affected.


Meanwhile, Maersk, based in Denmark, has confirmed its systems are down due to a cyberattack, and even Russian oil company Rosneft has been affected. The Verge also notes sporadic reports of infections are popping up across the UK and France. Sky News has now confirmed that British advertising firm WPP has been hit with a cyberattack as well.

A Kaspersky Lab researcher on Twitter identified the culprit as a ransomware known as PetrWrap, or Petya. Symantec has since confirmed that the malware is using the same attack vector as WannaCry, which utilized a leaked National Security Agency (NSA) exploit known as Eternal Blue. Bitdefender has identified this particular attack as a strain of Petya known as GoldenEye, which encrypts both the files on a drive and the drive itself. After encryption, the ransomware asks for $300 in Bitcoin to decrypt the PC.

It's not clear just how widespread the problem is at the moment, but the attack has already spread to a number of big companies around the globe, including Merck and Mars Inc, since initially being reported. Last month's WannaCry attack was estimated to have impacted hundreds of thousands of PCs across Europe. That attack was eventually linked back to a group thought to be working out of North Korea, though this latest attack is of unknown origins for the moment.

While security firms recommend you refrain from paying the ransom, it turns out that would be useless at this point anyway. The email provider behind the account used for sending decryption keys has blocked the account, meaning anyone who has already paid the ransom wasted their money.

For its part, Ukraine is taking the attack in stride, posting the following to Twitter:

See more

In a statement to the Verge, Microsoft commented about the new thread:

Our initial analysis found that the ransomware uses multiple techniques to spread, including one which was addressed by a security update previously provided for all platforms from Windows XP to Windows 10 (MS17-010). As ransomware also typically spreads via email, customers should exercise caution when opening unknown files. We are continuing to investigate and will take appropriate action to protect customers.

Updated June 27, 2017: Updated with more information on the ransomware's attack vector and affected companies.

Updated June 27, 2017: Updated again with statement from Microsoft via the Verge.

Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl

  • Why the picture of Bitcoin, now it seems as though Bitcoin is a major reason for the existence of crimes.
  • 'cause Bitcoin ransom, deeeeerrrrr
  • Bitcoin isn't the reason. Being a colossal assbag is the reason for the crime.
  • Colossal assbag thing is the Article writer settling on the Bitcoin graphics, while creating an association for the reader that Ransomware is related to Bitcoin. 
    Just sloppy posting again.
  • There is a relation as the commenter below pointed out
  • Bitcoin because the final step of the malware is that a screen comes asking for $300 in bitcoin to purchase the key to decrypt your drive.
  • The sad thing is that after last month's major attack which made headlines, people are supposed to become more aware of these risks and how to avoid them, yet it's as if they have learned nothing! How can people still fall for these viruses on such large scale?
  • Its not a matter of falling for them...if a buisness gets hit, all the machines get infected...not just that persons machine....all they have to do is change the signature of the virus, justa few bits of code or a header, and its iundetectable.....
  • I think it's Google taking revenge for the Eur1.2b fine.
  • Thus proving my point. It should not show the Bitcoin logo (the ridiculous campaign against Bitcoin is just ludicrous and people don't seem to see it) but some a-hole hacker or whatever security breach picture.
  • That's the whole point. This is part of a campaign against bitcoin. Problem -> Reaction ->Solution. We are in the "problem" phase right now. They need to ravage lives, to create hardship, so sheeple start squealing. That is why vault 7 has been released. Yes, released. In the reaction phase fingers will be pointed towards bitcoin. Even if the currency had nothing to do with it and the ransom receiving wallets are under constant surveillance.
  • Its weak media outlets like Windows Central that keep propelling misconceptions. We are what we eat.
  • Ouch, so many vital projects relying on Windows. Wonder if this is based off another NSA exploit...
  • Take a wild guess 😊
  • Well, the article clearly states it is. Did you not read it?
  • Merck got hit hard too. My buddies have packed up and gone home for the day, all PCs shut down.
  • Lucky for Microsoft I haven't seen any articles call out Windows specifically. I assume this is a Windows exploit so why isn't anyone talking about the versions affected?
  • Yup...i just got this today on my systems at work,....real nasty tooo....actuaaly infected the domain and mail servers, and made them crash and reboot with that screem which i didn't think was possible......Mcafee really dropped the ball on that one.....
  • For all those who keep saying Mac isn't affected coz of security, Just think. Windows 10 mobile doesn't have Virus like Android and iCloud hacks are not done to Onedrive. It's with the OS market share where Windows control majority of OS. If reports are to be believed, Windows XP has bigger market share than macOS. If anyone to be blamed, I would say that NSA's software and people who don't know about updates. :(
  • Can I just use backup software to backup all my data to prevent the virus? Like this one:
  • Does anyone know if windows 10 s would be vulnerable to this kind of attack?