Another cyberattack with links to the stolen cache of National Security Agency materials is spreading across Europe on June 27, targeting banks, businesses, and a Ukraine power company.
Infections have been reported in Russia, Ukraine, Spain, France, the United Kingdom, and India. The attack caused disruption at firms including the advertising giant WPP, French construction materials company Saint-Gobain, and Russian steel and oil firms Evraz and Rosneft. Kiev’s airport and subway system are affected, according to the Guardian.
The antivirus firm Bitdefender identified the ransomware as a variant of a known strain called Petya that Bitdefender is calling GoldenEye.
Symantec said it had confirmed the ransomware was using the same exploit as last month’s WannaCry ransomware attack, which used one of the vulnerabilities leaked by the group the ShadowBrokers from a stolen cache of NSA hacking tools. Symantec researcher Ankit Singh shared a photo on Twitter of a screen displaying the ransomware.
The ransomware encrypts files on Windows computers and demands a $300 ransom to have them unencrypted. Thirteen payments have already been made to de-encrypt the computers.
“All the financial market participants have taken steps to tighten security measures to counteract these hacker attacks. The [National Bank of Ukraine] is confident that the banking infrastructure is securely protected from cyberattacks and any attempts to perform hacker attacks will be efficiently warded off,” Ukraine’s national bank said in a statement Tuesday.
Volodymyr Groysman, Ukraine’s prime minister, said the attack was “unprecedented” but vital systems had not been affected.
“Our IT experts are doing their job and protecting critical infrastructure,” Groysman said. “The attack will be repelled and the perpetrators will be tracked down.”