Content, Americas, Breach, Channel markets, Europe, Ransomware

New Petya, Goldeneye Ransomware Cyberattacks Spread Globally; Merck Hit


A new wave of GoldenEye and Petya ransomware cyberattacks is spreading around the world. The attacks are similar to those associated with the WannaCry/WannaCrypt malware discovered last month, according to The New York Times.

MSSP Alert will be posting additional coverage throughout the evening so keep checking back for updates.

The New York Times indicated the cyberattacks have already affected various organizations in Europe and the United States, including:

  • Maersk: Danish transport and logistics company.
  • Merck: American pharmaceutical company.
  • Rosneft: Oil company owned by the Russian government.
  • Saint-Gobain: French building and materials company.
  • WPP: British advertising agency.

Antivirus solutions and internet security company Kaspersky Lab reported more than 2,000 of these ransomware attacks have been launched thus far. Kaspersky has linked the cyberattacks to the Petya ransomware, malware that "waits for 10-60 minutes after the infection to reboot the system," the company noted.

Meanwhile, VIPRE Security tells MSSP alert that the attacks involve double encryption -- targeting even the master boot record if the user has administration rights. The attack crashes the computer after the encryption and the pursues the ransom bounty from the user.

Revenge of Petya

The ransomware also may be a combination of an older Petya variant and the EternalBlue Server Message Block (SMB) exploit, according to Phil Richards, chief information security officer at IT management solutions provider Ivanti.

"The actual malware is ransomware, requesting a ransom equivalent to $300 in bitcoins," Richards told MSSP Alert. "The Petya component includes many features that enable the malware to remain viable on infected systems, including attacking the Master Boot Record. The EternalBlue component enables it to proliferate through an organization that doesn't have the correct patches or antivirus/antimalware software."

To date, no one has claimed responsibility for the global ransomware cyberattacks, The New York Times stated.

U.S. Department of Homeland Security officials are "monitoring reports of cyberattacks affecting multiple global entities and is coordinating with our international and domestic cyber partners," department spokesperson Scott McConnell told NPR.

Furthermore, EU law enforcement agency Europol is "urgently responding" to the ransomware attacks, Europol Executive Director Rob Wainwright indicated via Twitter.

The potential good news: Cybersecurity solutions like VIPRE claim to have machine learning techniques that can identify suspicious endpoint behavior and isolate system, the company claims.

We'll share more perspectives from additional experts later today. Keep checking back for updates and more coverage.

Additional insights from Joe Panettieri.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.