With WannaCry barely in the rearview mirror, another ransomware strain has been affecting computers throughout Europe today. The Petya ransomware, as it is known, infected thousands of computers earlier today, spreading between machines and encrypting their contents unless users paid up to a bitcoin address.
According to cybersecurity researchers at Kaspersky Lab, 60 percent of the current Petya epidemic is concentrated in Ukraine, and another 30 percent in Russia. Earlier today, Ukraine deputy prime minister Pavlo Rozenko tweeted an image of a government computer affected by the virus. Others in Ukraine are reporting difficulties accessing banking functions and buying fuel. Large parts of the country’s infrastructure are bending under the pressure.
In addition, the pharmaceutical giant Merck was affected, and said it was looking into it. Other companies were affected as well.
(An American health-care system, Heritage Valley Health System, also appears to have been hit by a cyberattack today, though it is unknown is if is connected to the Petya attack.)
The ransomware was tied to the email address wowsmith123456@posteo.net, which the email provider has since disabled in an attempt to stop the spread. Petya also takes advantage of a computer vulnerability known as Eternal Blue, which was first released in April by the anonymous hacking group the Shadow Brokers.
Meanwhile, whoever launched the attack is raking in thousands of dollars in bitcoin payments, which you can track via the Twitter bot @petya_payments.
Publicly, the Ukrainian government wants everyone to know that it’s no big deal.
