Ukraine Businesses Hit by Petya Ransomware

Multiple businesses in the Ukraine have been hit by a new ransomware variant, said to be related to the Petya family.

According to early reports, freight company Maersk is among those to have confirmed that its IT systems are down “across multiple sites and business units”. Also reportedly affected are banks, power grid companies including the state-owned Ukrenergo and Kyivenergo, the postal service, government, media, airport and cell providers.

A Ukrenergo spokesperson told Forbes that power systems were unaffected, saying: "On June 27, a part of Ukrenergo’s computer network was cyber-attacked. Similarly, as it is already known with the media, networks and other companies, including the energy sector, were attacked. Our specialists take all the necessary measures for the complete restoration of the computer system, including the official [website]."

Kiev Metro Alerts posted a picture of an infected PC showing a message that tells the victim that “your files are no longer accessible, because they have been encrypted” and that “nobody can recover your files without our decryption service”, which comes at a cost of $300 worth of Bitcoin.

According to early research by BitDefender, the variant has two layers of encryption: one that individually encrypts target files on the computer and another that encrypts NTFS structures. This approach prevents victims’ computers from being booted up in a live OS environment to retrieve stored information or samples.

Research by Kaspersky Lab has revealed this to be a variant of the Petya ransomware, which returned with a rebranded version named GoldenEye in 2016.


Infosecurity will continue to follow the story as it breaks and publish any updates. 
