Weeks after WannaCry, another Global Cyberattack Cripples Systems

WannaCry was discovered in mid-May of this year, and the powerful ransomware sample wasted no time making a name for itself. Hackers took full advantage of the new ransomware threat, and just three days after it emerged, WannaCry had already been used to spur attacks in more than 150 countries, according to The Verge.

WannaCry spread like wildfire, capturing headlines across the globe. Now, a new ransomware threat is seeking to take WannaCry’s crown. This newest malware has been dubbed Petrwrap or Petya, and it appears to be piggy-backing off the wave created by its predecessor.

Petya hits large-scale, global targets

While many ransomware infections are similar - utilizing encryption to block access to important files while demanding a ransom be paid in untraceable Bitcoin for decryption - each sample family leverages unique strategies to exploit weaknesses and enable a successful attack. Security analysts studying the threat found that Petya operated in a way that was very reminiscent of WannaCry, according to Independent contributor Lizzie Dearden.

Even more worrisome was the fact that some of Petya’s first targets were considerably high-profile. Petya was leveraged to launch several attacks, including on a national bank in Ukraine, a state power provider and the country’s biggest airport travel hub. Dearden reported these instances were waves of a larger cyberattack impacting Ukraine’s entire government infrastructure.

Over the course of the attack, victims reported they were unable to access computers they used for sensitive government or company information. Among the victims was Deputy Prime Minister Rozenko Pavlo, who shared an image of the ransomware notification screen that was displayed on every government computer. The message noted that a disk contained an error in need of repair, that the process would take several hours, and that users should not turn off the affected computer. Other infected computers displayed a message demanding a $300 Bitcoin ransom, claiming the ransom would restore access to encrypted files.

As the Petya attack continued in Ukraine, several other victims came forward to report their experiences:

  • Antonov, a state-operated aircraft manufacturer, reported its systems were infected.
  • Ukrenergo, a power distributor, was also attacked. Thankfully, the ransomware did not impact its ability to provide power.
  • The National Bank of Ukraine announced an “unknown virus” was impacting its computers, as well as the systems of several other unnamed banks and financial firms in the country. The National Bank’s statement noted “these banks have difficulties with customer service and banking operations.”
  • Boryspil International Airport was impacted by Petya, losing the ability to use computers and update departure boards.
  • Ukrposhta was attacked as well, including the organization’s state postal, television and transport services. Due to the infection, Kiev metro passengers were left without a way to use their bank cards to pay for travel.
  • Chernobyl authorities reported they had to use manual radiation monitoring within the site of the nuclear disaster as opposed to more advanced automated monitoring, which was disabled during the attack.
  • An array of ATMs and supermarket tills were unusable, each displaying the warning notification from hackers responsible for the attack.

Global cyberattacks require a unified response

There’s no arguing the Petya attack in Ukraine was one of the largest-scale global attacks within recent memory. It is also just one in a recent rash of attacks impacting important systems and organizations across the world.

In this type of environment, the best strategy is for governments and organizations to unify and defend against global attacks of this kind.

“We must work collectively, not just with two or three Western countries, but on a global scale,” said Guillaume Poupard, National Cybersecurity Agency of France director general.

As agencies look to participate in more collaborative efforts against cybercrime, forensic data analytics could hold the key. To find out more, contact us today.