Time to batten down the cyber hatches!
— BBC Breaking News (@BBCBreaking) June 27, 2017
Companies across the globe are reporting that they have been struck by a major ransomware cyber-attack.
British advertising agency WPP is among those to say its IT systems have been disrupted as a consequence.
Ukrainian firms, including the state power company and Kiev’s main airport, were among the first to report issues.
The Chernobyl nuclear power plant has also had to monitor radiation levels manually after its Windows-based sensors were shut down.
The international police organisation Interpol has said it is “closely monitoring” the situation and liaising with its member countries.
Experts suggest the malware is taking advantage of the same weaknesses used by the WannaCry attack last month.
“It initially appeared to be a variant of a piece of ransomware that emerged last year,” said computer scientist Prof Alan Woodward.
The NY Times has a breakdown of what is and is not known.
• Cybersecurity researchers first said that the new ransomware appeared to be a variation of a well-known ransomware strain called Petya. One researcher from the Moscow-based cybersecurity firm Kaspersky Lab reported the new ransomware was a strain of Petya first identified in March 2016. Kaspersky found evidence that the latest strain had been created on June 18, suggesting it has been hitting victims for more than a week. But Kaspersky also said it was still investigating the attack and that it could be a new type of ransomware that has never been seen before.
• Kaspersky reported that approximately 2,000 computer systems had been affected by the new ransomware so far.
• Symantec, a Silicon Valley cybersecurity firm, confirmed that the ransomware was infecting computers through at least one exploit, or vulnerability to computer systems, known as Eternal Blue.
• Who is behind the ransomware attack. The original Petya ransomware was developed and used by cybercriminals, and variations have been sold through dark web trading sites, which are accessible only by using browsers that mask a user’s identity, making it difficult for cybersecurity researchers to track.
• Why it is spreading as quickly as it is. Cybersecurity researchers believe that like WannaCry, the ransomware infects computers using vulnerabilities in the central nerve of a computer, called a kernel, making it difficult for antivirus firms to detect. It is not yet known if the new ransomware uses any new vulnerabilities, or variants of the vulnerabilities, made public by the group known as the Shadow Brokers.
• It’s unclear if systems protected against WannaCry can still be affected by the new ransomware attack.