One month after the planetary chaos caused by the WannaCry ransomware, a new, similar cyberattack is underway as of Tuesday, June 27.
The attack began in Russia and Ukraine and has now extended to the rest of Europe, affecting banks, airports, public transportation and private companies by corrupting the data on their servers and asking for a ransom.
One of the biggest victims of the Petya virus was the metro in Kiev in addition to several supermarkets in the Ukrainian capital, the Russian mining company Evraz, Russian oil company Rosneft, Danish shipping conglomerate Maersk and the Chernobyl plant.
According to the AFP, the system that monitors radiation levels at Chernobyl was affected. Speaking with the AFP, a spokesperson for the Chernobyl plant explained that the engineers measure radioactivity using Geiger counters on site, as was done dozens of years ago.
While the attack initially affected Ukrainian infrastructure, it was then deployed in western Europe. In France, manufacturing company Saint-Gobain was one of the first victims, followed by grocery store chain Auchan and later BNP bank.
In the United States, the pharmaceutical company Merck was attacked, and in England, publicity agency WPP was affected.
Vulnerability created by the NSA
For the moment, however, no country has been hit as hard as Ukraine, whose national bank (NBU) and government website have stopped working entirely. Additionally, the Kiev metro can no longer accept debit card payments and the largest airport in the country (Boryspil) is also struggling to maintain service.
In parallel, Ukraine's national postal service (Ukrposhta) and electricity provider (Ukrenergo) have also been victimized, though they are still able to maintain their services.
The virus behind the attacks, named Petrwrap, is a modified version of the Petya program, which was identified in March by the cybersecurity company Kaspersky.
While it's still unclear how the virus gets into systems, it is likely that it enters a user's computer through an email attachment before moving through a company's local network by means of the Windows exploit EternalBlue.
EternalBlue was developed and used secretly by the NSA. It was then made public last April by the ShadowBrokers hacking collective before being used in the WannaCry attack.
Once it's in the computer, Petrwrap encrypts all the content using an encryption key, making the data unusable. The program then demands a ransom of 300 dollars, payable in Bitcoin; paying may or may not result in the user being sent a decryption key to retrieve the data.
The French Network and Information Security Agency (ANSSI) recommends never opening attachments from unknown senders and never paying the requested ransom.
If you see a red and black screen asking you to pay a ransom, your first reflex should be to unplug your computer to prevent the virus from spreading. After that, all you can do is wait, and hope a patch for the cyberattack is developed quickly, as was the case for the WannaCry attack.
Unfortunately, this is something we will all have to get used to, as global cyberattacks are likely to become a day-to-day occurrence in the near future. And if you're in charge of a network of any kind, please, for the love of god, download these patches for Windows.