This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2017/06/27/technology/ransomware-hackers.html

The article has changed 8 times.

Version 0 Version 1
New Cyberattack Spreads From Russia to Britain New Cyberattack Spreads From Russia to the United States
(about 2 hours later)
Computer systems from Russia to Britain were victims of an international cyberattack on Tuesday in a hack that bore similarities to a recent one that crippled tens of thousands of machines worldwide. Computer systems from Russia to the United States were victims of an international cyberattack on Tuesday in a hacking that bore similarities to a recent one that crippled tens of thousands of machines worldwide.
As reports of the attack spread quickly, the Ukrainian government said that several of its ministries, local banks and metro systems had been affected. A number of companies — including Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency — also said they had been targeted. As reports of the attack spread quickly, the Ukrainian government said that several of its ministries, radiation monitoring at the Chernobyl nuclear facility, local banks and metro systems had been affected. A number of companies — including the Danish shipping giant Maersk; Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency — also said they had been targeted.
And in the first confirmed cases in the United States, Merck, the drug giant, confirmed that its global computer networks had been hit, as did DLA Piper, the multinational law firm.
It remains unclear who is behind this most recent cyberattack. Like the previous WannaCry attacks in May, Tuesday’s hack takes over computers and demands digital ransom to regain control. It remains unclear who is behind this most recent cyberattack. Like the previous WannaCry attacks in May, Tuesday’s hack takes over computers and demands digital ransom to regain control.
Computer experts were calling the computer virus “Petya,” and said that it was similar to the WannaCry attack that spread like wildfire across much of Asia and Europe. “We are urgently responding to reports of another major ransomware attack on businesses in Europe,” Rob Wainwright, executive director of Europol, Europe’s police agency, said on Twitter.
Analysts have been warning that hackers are increasingly likely to use such ransomware attacks to gain access to people’s computers, both in a bid to cause major global disruption and for financial gain. Computer experts were calling the computer virus “Petya,” and said that it was similar to the WannaCry attack that spread quickly across much of Asia and Europe. Others cautioned, however, that it could be yet another type of ransomware.
That was the case in the recent WannaCry attack, which saw hospitals in the United Kingdom, automakers’ production facilities and German train stations all affected by the computer virus. At least nine European countries had been targeted in the latest attack, said Dan Smith, an information security researcher at Radware, a cybersecurity firm. “I first saw reports of this attack around 8 a.m. Eastern time coming from Ukraine, but it’s too early to tell who’s behind this,” Mr. Smith said.
The recent attacks appear to evade popular antivirus software. In a test of 61 antivirus solutions, only four successfully identified the ransomware. Researchers at the computer security company Symantec said the new attack is using the same hacking tool created by the National Security Agency that was used in the WannaCry attacks. Called “Eternal Blue,” the tool was among dozens leaked online last April by a group known as the Shadow Brokers.
Kaspersky, the Russian antivirus firm, first identified the ransomware in March and encountered a sample of the ransomware on June 18, suggesting it has been hitting businesses for over a week. The vulnerability used by Eternal Blue was patched by Microsoft last April, but as the WannaCry attacks demonstrated, hundreds of thousands of organizations around the world failed to properly install the patch. But researchers at F-Secure, the Finnish cybersecurity firm, also noted that the ransomware used at least two other vectors to spread, beyond Eternal Blue, which suggests even those who implemented the Microsoft patch could be vulnerable.
“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,” said Carl Herberger, vice president of security at Radware. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.”
Immediate reports that the computer virus was a variant of Petya suggest the attackers will be hard to trace. Petya was for sale on the so-called dark web, where its creators made the ransomware available as “ransomware as a service” — a play on the Silicon Valley term for delivering software over the internet, according to the security firm Avast Threat Labs.
That means anyone can launch the ransomware with the click of a button, encrypt someone’s systems and demand a ransom to unlock them. If the victim pays, the authors of the Petya ransomware, who call themselves “Janus Cybercrime Solutions,” get a cut of the payment.
That distribution model means that pinning down the individuals responsible for Tuesday’s attack could be difficult, if not near impossible.
The attack is actually “an improved and more lethal version of WannaCry,” according to Matthieu Suiche, a security researcher who helped contain the spread of the WannaCry ransomware last month when he created a “kill switch” that stopped the attacks from spreading.
Mr. Suiche noted that over just the past seven days, WannaCry had attempted to hit another 80,000 organizations but was prevented from executing attack code because of the kill switch.