New Ransomware Shutting Down Banks, ATMs, Computers Worldwide
A new variant of the WannaCry ransomware that may have originated in North Korea was attacking banks and other vital infrastructure around the world Tuesday – and it has yet to stop.
The cyber weapon had hit Russia, the Ukraine, the United Kingdom and the United States and was demanding payment in bitcoin before the virus could be removed. In the Ukraine, it knocked out ATMs and supermarket cash registers, in addition to computers at banks, the Kiev airport, and the power grid.
It also had impacted Russian banks, and in the U.S., the pharmaceutical company Merck.
“We are urgently responding to reports of another major ransomware attack on businesses in Europe,” Rob Wainwright, executive director of Europol, wrote on Twitter. Europol is the European Union’s law enforcement agency.
Other targets included the world’s largest advertising agency, WPP; international law firm DLA Piper; French construction company St. Gobain; the Russian oil company Rosneft; and the Danish shipping firm AP Moller-Maersk.
Some were calling the new ransomware “Petya.”
The source of Petya was unknown but it is similar to ransomware that disrupted operations at the British National Health Service in May. Experts believe that attack originated in North Korea, the BBC reported.
The malicious code used in May, said cybersecurity researcher Adrian Nish, is identical to code found in earlier cyberweapons that were blamed on the Lazarus Group, which works for North Korea’s Kim Jong-un.
“It seems to tie back to the same code-base and the same authors,” Nish says. “The code overlaps are significant.”
The Lazarus Group is one of the world’s most active gangs of hackers. Nish thinks it was responsible for the theft of $81 million from Bangladesh’s central bank in 2016. Lazarus also was blamed for hacking Sony Pictures in 2014 in an attempt to prevent the release of a movie that mocked North Korea.
“It was one of the biggest bank heists of all time in physical space or in cyberspace,” Nish said.
The purpose of the earlier ransomware attack was to extort money from users, Nish said. WannaCry locks users out of their computers, and then demands $383.67 in bitcoin to regain access. The Petya virus was doing the same thing on Tuesday.
“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” Carl Herberger, vice president of security at Radware, told The New York Times. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”