Hack has hallmarks of ransomware

Experts say it is likely spreading automatically across the network without need for humans.

Update: 2017-06-27 19:48 GMT
The Q2 APT Trends report summarizes the findings of Kaspersky Lab's subscriber-only threat intelligence reports. During the second quarter of 2017, Kaspersky Lab's Global Research and Analysis Team created 23 private reports for subscribers, with Indicators of Compromise (IOC) data and YARA rules to assist in forensics and malware-hunting.

Paris: A new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across the world, hitting companies and governments in Europe especially hard.

“We are talking about a cyberattack,” said Anders Rosendahl, a spokesman for the Copenhagen-based shipping group. “It has affected all branches of our business, at home and abroad.”

The number of companies and agencies reportedly affected by the ransomware campaign was piling up fast, and the electronic rampage appeared to be rapidly snowballing into a worldwide crisis.

There’s very little information about what might be behind the disruption at each specific company, but cybersecurity experts rapidly zeroed in on a form of ransomware, the name given to programmes that hold data hostage by scrambling it until a payment is made.

“A massive ransomware campaign is currently unfolding worldwide,” said Romanian cybersecurity company Bitdefender, where analyst Bogdan Botezatu said that it appeared to be nearly identical to GoldenEye, one of a family of hostage-taking programs that has been circulating for months. Some analysts were calling the new form of ransomware Petya.

It’s not clear whether or why the ransomware has suddenly become so much more potent, but Botezatu said that it was likely spreading automatically across a network, without the need for human interaction. Such self-spreading programs, often called “worms,” are particularly feared because they can replicate rapidly, like a contagious disease.

“It’s like somebody sneezing into a train full of people,” Botezatu said. “You just have to exist there and you’re vulnerable.”

The world is still recovering from a previous outbreak of ransomware, called WannaCry or WannaCrypt, which spread rapidly using digital break-in tools originally created by the US National Security Agency and recently leaked to the web.
