Mass reports have surfaced of a new ransomware attack, believed to be a variant of Petya, affecting various computers in Ukraine. So far, the country’s central bank, local metro and Kiev’s Boryspil Airport have been hit, with various other companies also claiming they have suffered the same fate.
However, the attack does not appear to be limited to Ukraine; in a blog post security expert Graham Cluely wrote:
“There have been additional reports that the Spanish offices of multinational companies such as law firm DLA Piper have been hit by a malware attack that is encrypting files on their computers and demanding a ransom of US $300 in Bitcoin be paid to the extortionists.”
There have also been reports of infections in Russia, India and the UK, and “it seems unlikely that that will be the end of it,” Cluely added.
“I really hope you learnt a lesson from the WannaCry ransomware outbreak and put some secure backup systems in place,” he wrote.
It is not currently known for certain how the infection is spreading, but some researchers have taken to Twitter to claim it is using the same technique as WannaCry to target the SMBv1 EternalBlue exploit and take advantage of unpatched Windows machines.
Affected systems are displaying this message:
“Ooops, your important files are encrypted.
“If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service.
“We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment and purchase the decryption key.”