A new wave of GoldenEye and Petya ransomware cyberattacks is spreading around the world. The attacks are similar to those associated with the WannaCry/WannaCrypt malware discovered last month, according to The New York Times.
MSSP Alert will be posting additional coverage throughout the evening so keep checking back for updates.
The New York Times indicated the cyberattacks have already affected various organizations in Europe and the United States, including:
- Maersk: Danish transport and logistics company.
- Merck: American pharmaceutical company.
- Rosneft: Oil company owned by the Russian government.
- Saint-Gobain: French building and materials company.
- WPP: British advertising agency.
Antivirus solutions and internet security company Kaspersky Lab reported more than 2,000 of these ransomware attacks have been launched thus far. Kaspersky has linked the cyberattacks to the Petya ransomware, malware that "waits for 10-60 minutes after the infection to reboot the system," the company noted.
Meanwhile, VIPRE Security tells MSSP alert that the attacks involve double encryption -- targeting even the master boot record if the user has administration rights. The attack crashes the computer after the encryption and the pursues the ransom bounty from the user.
Revenge of Petya
The ransomware also may be a combination of an older Petya variant and the EternalBlue Server Message Block (SMB) exploit, according to Phil Richards, chief information security officer at IT management solutions provider Ivanti.
"The actual malware is ransomware, requesting a ransom equivalent to $300 in bitcoins," Richards told MSSP Alert. "The Petya component includes many features that enable the malware to remain viable on infected systems, including attacking the Master Boot Record. The EternalBlue component enables it to proliferate through an organization that doesn't have the correct patches or antivirus/antimalware software."
To date, no one has claimed responsibility for the global ransomware cyberattacks, The New York Times stated.
U.S. Department of Homeland Security officials are "monitoring reports of cyberattacks affecting multiple global entities and is coordinating with our international and domestic cyber partners," department spokesperson Scott McConnell told NPR.
The potential good news: Cybersecurity solutions like VIPRE claim to have machine learning techniques that can identify suspicious endpoint behavior and isolate system, the company claims.
We'll share more perspectives from additional experts later today. Keep checking back for updates and more coverage.
Additional insights from Joe Panettieri.