A Ransomware Outbreak Is Infecting Computers Across the World Right Now

in #ransomware8 years ago

A quickly-spreading, world-wide ransomware outbreak has reportedly hit targets in Spain, France, Ukraine, Russia, and other countries.

On Tuesday, a wide range of private businesses reportedly suffered ransomware attacks. Although it is not clear if every case is connected, at least several of them appear to be related to the same strain of malware.The attacks bear some resemblance to the recent WannaCry outbreak, in which thousands of computer systems were locked down with ransomware around the world. 

Motherboard has seen several reports of infections shared by victims on Twitter. We were not able to immediately confirm the veracity of the reports, but several security researchers and firms also reported the attacks.

"We are seeing several thousands of infection attempts at the moment, comparable in size to Wannacry's first hours," Costin Raiu, a security researcher at Kaspersky Lab, told Motherboard in an online chat.

Judging by photos posted to Twitter and images provided by sources, many of the alleged attacks involved a piece of ransomware that displays red text on a black background, and demands $300 worth of bitcoin.

"If you see this text, then your files are no longer accessible, because they are encrypted," the text reads, according to one of the photos. "Perhaps you are busy looking for a way to recover your files, but don't waste your time. Nobody can recover your files without our decryption service."

Raiu believes the ransomware strain is known as Petya or Petrwrap, a well-known type of ransomware. Researchers at MalwareHunterTeam, a research group focused on ransomware, told Motherboard in a Twitter direct message they believed the attack was from the same malware family as the one identified by Raiu. Like other types of ransomware, the malware seen Tuesday encrypts files on a user's system; hackers say they will give victims the encryption key in exchange for bitcoin.

According to a tweet from anti-virus company Avira, the Petya attacks were taking advantage of the EternalBlue exploit previously leaked by the group known as The Shadow Brokers (Motherboard could not independently confirm this at the time of writing). EternalBlue is the same exploit used in the WannaCry attacks; it takes advantage of a vulnerability in the SMB data-transfer protocol, and Microsoft has since patched the issue. However, whether customers apply that patch is another matter.

An image of the alleged ransomware screen provided to Motherboard.

Spanish outlet El Confidencial reported hackers had hit the Madrid office of DLA Piper, a global law firm. One person familiar with the attack sent Motherboard a photo of an infected computer the source said was in DLA Piper's Washington DC office, and claimed that employees had been told to leave their workstations (neither the DC or Madrid office immediately responded to phone calls).

Hackers also attacked a Ukrainian media company, according to a local report from 24tv, one of the company's outlets.

The hackers who control the email account posted in the ransomware message did not immediately respond to a request for comment.

Security researchers from Kaspersky Lab reported that the ransomware hit Russia, Ukraine, Spain, France, among others. Several people on Twitter reported witnessing or hearing reports of the outbreak in their respective countries, and across a wide range of industries. Companies around the world also reported computer outages.

Chris Sistrunk, a security researcher at Mandiant, said that it looks like there's "another global outbreak attack."

This is a developing story and we will update it as we learn of new details.

https://motherboard.vice.com/en_us/article/qv4gx5/a-ransomware-outbreak-is-infecting-computers-across-the-world-right-now


![1498572282173-shutterstock_429448807.jpeg]()
Sort:  

Thanks for this news