Europe and Russia under siege from a new WannaCry-style cyberattack

27 Jun 2017

Image: BeeBright/Shutterstock

New ransomware attack is worming its way across Europe.

Systems in Europe, and especially in Ukraine and Russia, are under siege from a stealthy new ransomware attack reminiscent of WannaCry.

Russia’s top oil producer, Rosneft, and several banks in the country have been hit. The most severe damage, however, is being reported by businesses in Ukraine, including the central bank and metro system. Kiev’s Boryspil Airport and electricity supplier Ukrenergo have been paralysed by the attack.

Danish shipping giant Maersk has also been hit, saying that systems are down across multiple sites. It is understood the attack may have gotten in through its Russia-based logistics company Damco.

In London, advertising giant WPP is believed to be affected by the malware. Spanish food giant Mondelez and French construction materials player Saint-Gobain have also fallen victim to the cyberattack.

This comes just one month after the WannaCry ransomware hit systems all over the world, knocking the UK’s NHS offline.

Moscow-based cybersecurity firm Group-IB said the attack appears to be coordinated, with an emphasis on organisations in Russia and Ukraine.

Ransomware identified as Petrwrap, a strain of Petya

Kaspersky Labs researcher Costin Raiu has identified the malware as Petrwrap, a strain of the Petya ransomware investigated by the firm in June.

Some reports indicate that the ransomware is targeting the same Windows SMB weakness exploited by WannaCry, which infected more than 300,000 Windows systems worldwide.

WannaCry is understood to be based on cyber warfare weapons stolen from the NSA, which were released by the Shadow Brokers.

Microsoft has since patched the vulnerability but, in recent days, new victims have emerged.

These include the Honda Motor Company, and about 55 speed and traffic light cameras in Australia.

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years