The 'Petya' Ransomware Attack Just Hit the United States

The attack was first spotted in Ukraine.

Flickr / Christiaan Colen

An international cyberattack causing havoc with businesses and government systems has hit computers in the United States. First reported in Ukraine on Tuesday, the “Petya” ransomware attack rapidly spread to computers in the United Kingdom, Russia, France, and Denmark before reports emerged that the attack had spread further.

The ransomware displays a message that the computer’s files have been encrypted, and to access them again, they need to send $300 worth of Bitcoin digital currency to a listed address alongside a unique identifier key. The instructions are followed by an area to input a decryption key. One researcher described the attack as “bigger than WannaCry,” the international attack that took out several major computer systems last month.

Global law firm DLA Piper was among the first companies to report issues with its systems in the U.S. Legal Week spoke to company offices in the UK, Europe, the Middle East, and the U.S., all of whom said that they have been affected by the attack.

“The firm, like many other reported companies, has experienced issues with some of its systems due to suspected malware,” the company said in a statement to the publication. “We are taking steps to remedy the issue as quickly as possible.”

Pharmaceutical company Merck also confirmed that its systems were compromised during the attack. On the company’s Twitter account, Merck said:

We confirm our company’s computer network was compromised today as part of global hack. Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more.

Cybersecurity journalist David Gilbert also shared word from threat intelligence firm Recorded Future that it has received reports of victims in the U.S.

“We are talking about a cyber-attack,” Anders Rosendahl, a spokesman for the Copenhagen-based shipping group A.P. Moller-Maersk that was hit by the attack, told the Associated Press. “It has affected all branches of our business, at home and abroad.”

Anton Gerashchenko, adviser to Ukraine’s interior minister, claimed the attack is a variant of the “WannaCry” attack from last month. Overall, “WannaCry” hit 230,000 computers in 150 countries, including the U.S.

“The ultimate goal of the cyberattack was to try to destabilize,” Gerashchenko said in a Facebook post, claiming that the attacks probably came from Russia.

“WannaCry” spread itself by exploiting a vulnerability found in an online hacking tool. The exploit, which worked against computers running the Windows operating system, was discovered by the U.S. National Security Agency, causing a backlash against the agency. The attack had little effect on U.S. networks, which one expert suspected was because older computers did not have the necessary security updates to stop the attack.

“Because of the way in which the worm spreads, its success will be directly correlated to organizations that have the vulnerability still open,” said Steve Grobman, chief technology officer at McAfee, in an interview with USA Today. “It’s reasonable to assume that there are large populations of those systems in certain countries.”

Whether this latest attack will have the same limited reach remains to be seen, but it’s possible it could spread further.

“I think this will be bigger than WannaCry. It’s much better designed,” said security architect Kevin Beaumont on his Twitter page. “This has no killswitch, and it looks like they had a development budget. Expect a steady stream of big companies over next few days. That said antivirus should catch up soon [which] will significantly help.”