The “Petya” cyber attack locks Windows users out of their computers, supposedly until they pay for a key. All Windows computers across Ukraine have been affected by the virus. In a matter of hours, the ransomware had spread worldwide.
“It’s believed the latest attack might be a ransomware virus called Petya and hidden in an innocuous document sent through email. It freezes a user’s computer until a ‘ransom’ is paid in virtual currency bitcoin. It spreads apparently by having a ‘bad’ instruction — like a small piece of computer code — hidden inside a Word or PDF document. This bad instruction attacks a Windows operating system basically taking over a computer — in this case it seizes the files and encrypts them and then the bad guys ask for money to decrypt — this means you cannot open or read your own files. It’s also been suggested to have used the same tactics as the WannaCry attack last month.” - ABC
The ransomware has been confirmed to have originated in Ukraine. It started spreading on 18 June (or earlier) as an update for the popular M.E.Doc accounting software package.
“In connection with the irregular situation, some flight delays are possible,” Boryspil Airport director Yevhen Dykhne wrote in a Facebook post. Some of the airport’s departures were delayed by over 2 hours due to the attack, according to this flight board: http://www.flightstats.com/go/FlightStatus/flightStatusByAirport.do?airport=KBP.
International courier company TNT said it was assessing whether the same attack was responsible for “interference” in its IT system.
“Like many other companies and institutions around the world, we are experiencing interference with some of our systems within the TNT network,” it said in a statement.
Ukrainian Deputy Prime Minister Pavlo Rozenko said the government’s computer network had gone down and posted a picture on Twitter of a computer screen with an error message.
I’m not too sure this meme was a good reaction to the attack…
Updates for Boryspil Airport and TNT:
All users affected by the attack are warned not to turn on their computers. Companies affected include:
- TNT Express
- Mondelez (and Cadbury)
- DLA Piper
- Heritage Valley Health System
- And others (unfortunately, this list is growing)
Heat map of computers affected by Petya, detected by McAfee software (map may be inaccurate - results also depend on the number of users of McAfee software in each country)
Full Petya rundown: