Petya Ransomware strain infects businesses in the Ukraine and Europe

The Corbel Blog

Many businesses are facing up to the realisation that their computing systems have been infected by a new variant of ransomware. It was only last month that the WannaCry ransomware strain spread around the globe, infecting over 230,000 computers and encrypting files, leaving users locked out of their systems.


[Image: Twitter post about Petya ransomware outbreak in the Ukraine]


This new variant of ransomware is said to be related to the Petya (or Petrwrap) family. It has already caused widespread disruption, especially in the Ukraine where it has infected banking systems, power companies (including the state-owned Ukrenergo), the postal service, government departments, media outlets, airports and cell providers.

Although systems at Ukrenergo were infected, apparently it hasn’t caused any disruption to their power supply systems. “On June 27, a part of Ukrenergo’s computer network was cyber-attacked. Similarly, as it is already known with the media, networks and other companies, including the energy sector, were attacked. Our specialists take all the necessary measures for the complete restoration of the computer system, including the official [website]”, a spokesperson for Ukrenergo told Forbes earlier today.

The Ukraine was subjected to a flurry of hacking attempts on state websites towards the end of 2016. State security chiefs called for an improvement in the country’s cyber defences after a succession of attacks on Ukraine’s power grid.

The Ukrainian central bank has blamed an “unknown virus” for recent attacks, saying in a recent statement that “as a result of these cyber-attacks, these banks are having difficulties with client services and carrying out banking operations. The central bank is confident that the banking infrastructure’s defence against cyber fraud is properly set up and attempted cyber-attacks on banks’ IT systems will be neutralised.”

While the majority of the reports regarding infection have centred around the Ukraine so far, a lead scientist and principal engineer at McAfee, Christiaan Beek, said that the company had already seen infections in Spain and Germany and that the malware was spreading quickly into Europe. There have also since been reports of disruption at advertising giant WPP, Saint-Gobain in France, plus Evraz and Rosneft in Russia.


[Image: Kyiv Metro alert about Petya ransomware]


Affected systems are displaying this message:
“Ooops, your important files are encrypted.”
“If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.”
“We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment and purchase the decryption key.”

It is not currently known how far the ransomware has spread, but over the next few hours and days it is highly likely that more victims of the latest cyber attack will come to light.

Want more information on Petya ransomware? Read our article “What is Petrwrap or Petya ransomware?” to get a better insight into this hard-hitting variant.