Computer systems from Russia to the United States were struck on Tuesday in an international cyberattack that bore similarities to a recent assault that crippled tens of thousands of machines worldwide.
As reports of the attack spread quickly, the Ukrainian government said that several of its ministries, radiation monitoring at the Chernobyl nuclear facility, local banks, and metro systems had been affected. A number of companies — including the Danish shipping giant Maersk; Rosneft, the Russian energy giant; Saint-Gobain, the French construction materials company; and WPP, the British advertising agency — also said they had been targeted.
In the first confirmed cases in the United States, Merck, the drug giant, confirmed that its global computer networks had been hit, as did DLA Piper, the multinational law firm.
It remains unclear who is behind this cyberattack. Like the WannaCry attacks in May, the hack Tuesday takes over computers and demands digital ransom from their owners to regain control.
“We are urgently responding to reports of another major ransomware attack on businesses in Europe,’’ Rob Wainwright, executive director of Europol, Europe’s police agency, said on Twitter.
Computer experts were calling the virus Petya, and said that it was similar to the WannaCry attack, which spread quickly across much of Asia and Europe. Others cautioned, however, that it could be yet another type of ransomware.
At least nine European countries had been targeted in the latest attack, said Dan Smith, an information security researcher at Radware, a cybersecurity firm. “I first saw reports of this attack around 8 a.m. Eastern time coming from Ukraine, but it’s too early to tell who’s behind this,’’ he said.
Researchers at the computer security company Symantec said the new attack was using the same hacking tool created by the National Security Agency that was used in the WannaCry attacks. Called Eternal Blue, the tool was among dozens leaked online last April by a group known as the Shadow Brokers. The NSA has not acknowledged its tools were used in WannaCry or other attacks.
The vulnerability used by Eternal Blue was patched by Microsoft last April, but as the WannaCry attacks demonstrated, hundreds of thousands of organizations around the world failed to properly install the patch. But researchers at F-Secure, the Finnish cybersecurity firm, also noted that the ransomware used at least two other vectors to spread, beyond Eternal Blue, which suggests even those who used the Microsoft patch could be vulnerable.
“Just because you roll out a patch doesn’t mean it’ll be put in place quickly,’’ said Carl Herberger, vice president of security at Radware. “The more bureaucratic an organization is, the higher chance it won’t have updated its software.’’
Immediate reports that the computer virus was a variant of Petya suggest the attackers will be hard to trace. Petya was for sale on the so-called dark Web, where its creators made the ransomware available as “ransomware as a service’’ — a play on Silicon Valley terminology for delivering software over the Internet, according to the security firm Avast Threat Labs.
That means anyone can launch the ransomware with the click of a button, encrypt someone’s systems and demand a ransom to unlock it. If the victim pays, the authors of the Petya ransomware, who call themselves Janus Cybercrime Solutions, get a cut of the payment.
That distribution model means that pinning down the individuals responsible for Tuesday’s attack could be difficult, if nearly impossible.
The attack is actually “an improved and more lethal version of WannaCry,’’ according to Matthieu Suiche, a security researcher who helped contain the spread of the WannaCry ransomware last month when he created a so-called kill switch that stopped the attacks from spreading.
Over just the past seven days, Suiche noted that WannaCry had attempted to hit an additional 80,000 organizations, but was prevented from executing attack code because of the kill switch. On Tuesday, Suiche said there was no kill switch for the Petya attacks.
The Petya attacks could be worse than WannaCry, said Chris Hinkley, a researcher at Armor, the security firm, because these attacks encrypt and lock entire hard drives, while the earlier ransomware attacks locked only individual files.
But researchers at the security company Kaspersky Labs questioned whether the attack was something other than what has been described as the Petya attacks. The company’s data indicates around 2,000 users have been attacked so far.
