A massive cyber attack which has hit a number of institutions in Ukraine appears to be spreading across Europe.
Several firms, banks and government offices in Ukraine began to report attacks earlier today caused by ransomware named “Petya”.
London-based advertising giant WPP has reported problems with its IT systems caused by a “suspected cyber attack”, as did Danish shipping group Maersk, Cadbury’s owner Mondelez and a number of Russian businesses.
WPP’s share price plummeted following the news, before recovering slightly to close down 0.79 per cent on the day.
The Petya ransomware
“The Petya ransomware seems to be spreading using EternalBlue exploit just like WannaCry. Because the WannaCry kill switch worked, the pain stopped and many organisations did not complete patching their Windows,” said Chris Wysopal, co-founder of cybersecurity firm Veracode.
Josh Zelonis, senior analyst at research institute Forrester, added: “This ransomware strain is exploiting two vulnerabilities that were patched by Microsoft in March, one of which is the same EternalBlue exploit that was leveraged by WannaCry.
“While some organisations may have situations where they are unable to patch, that excuse doesn’t scale when you get a worm causing damage on this level.”
However, other experts have said there are key differences between the new Petya ransomware and the WannaCry attack, which affected several UK organisations including the NHS.
“We had an early warning shot last month as WannaCry spread like wildfire globally. However, in actual terms, it inflicted relatively little damage,” said Graeme Newman, chief innovation officer at cyber insurance firm CFC Underwriting.
“Petya seems to be different. This new breed of ransomware looks much more dangerous, already causing chaos for businesses around the world and early indications suggest that this could cost organisations ten times more than WannaCry.
“In terms of its global impact, we’re already seeing claims coming in from the US and are bracing ourselves for claims from other countries in the next few hours.”
Today’s crisis is also an indication that the threat level is increasing.
“This latest attack reminds us of two crucial facts regarding the current state of cyber security: that attackers now have access – regardless of whether they are state-sponsored or independent – to military-grade cyber weaponry, hence the fact that the attacks are so successful,” said Jamie Graves, chief executive of Edinburgh-based software company ZoneFox.
“Secondly, that digital data is directly linked to physical assets. It’s not just computer systems shutting down – it’s energy grids losing power, ships stopping in their tracks and people not being able to access their money.”