A broad cyberattack featuring a ransomware program that encrypts infected computer files is spreading rapidly from Russia to Europe and the Americas. More than 2,000 computer systems are known to be infected at this point.
The New York Times reports that the attack has infected numerous systems in the Ukraine including radiation monitoring at Chernobyl, several government ministries, and local banks and transit systems. Other companies that were reportedly attacked include the Danish shipping company, Maersk, the American pharmaceutical company, Merck, and Rosneft, a state-owned Russian oil company.
The Times reports that infected computers display a black screen with red text that reads, “Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time.”
The Kapersky Lab, a cybersecurity firm headquartered in Moscow and own by a British corporation, said that it had tentatively identified the ransomware as a new strain of the Petya computer virus that was compiled on June 18, 2017. Some researchers are calling the new strain “NotPetya” because it is significantly different from the original virus.
NotPetya has the potential to be much more problematic than the WannaCry virus that fizzled earlier this year. According to Forbes, the new virus can even attack Windows systems that have security patches that are up to date. Even computers running Windows 10 are reported to be vulnerable. NotPetya can even extract passwords and use them to spread the infection to other computers.
The source of the NotPetya is unknown, but is presumed to be cybercriminals rather than a state actor. The program demands a ransom payment payable in bitcoin. At least 22 payments have been made, but Forbes reports that the email address set up to provide keys has been shut down by the provider, leaving owners of infected computer systems few options in recovering their files.