Major global companies reported that they had been targeted, including British advertising agency WPP (), Russian oil and gas giant Rosneft, global shipping company FedEx and Danish shipping firm Maersk.
“Operations of its TNT Express subsidiary were disrupted by a virus.”
“Like many other companies worldwide, TNT Express operations have been significantly affected by an information system virus.”
Patrick Fitzgerald, SVP FedEx integrated marketing and communications, said:
“No data breach is known to have occurred.”
Maersk issued a statement that:
“Its tech systems are down across multiple sites and business units due to a cyberattack.”
U.S.-based pharmaceutical company Merck () said on Twitter:
“We confirm our company’s computer network was compromised today as part of global hack.”
Popular Law firm named DLA Piper said:
“It had taken down its systems in response to a serious global cyber incident.”
Source of the Attack
According to CNN, The source of the attack is not yet clear. It is similar to WannaCry, which spread globally in May, but there are differences. Both asked victims to pay Bitcoin to get their files back, and both use a similar flaw to spread through networks.
Moscow-based cybersecurity firm Group IB estimated Tuesday that the virus affected about 80 companies in Russia and Ukraine. The ransomware infects and locks a computer, and then demands a $300 ransom to be paid in Bitcoins.
According to Symantec, the ransomware is a variant of Petya, a known ransomware.
As per the Kaspersky Lab, preliminary findings indicate the attacks are from a new ransomware that it’s now calling “ExPetr.”
According to researchers, these attacks use a Windows flaw called EternalBlue to spread through corporate networks. WannaCry also leveraged the EternalBlue exploit, which was leaked as part of a trove of hacking tools believed to belong to the NSA. Microsoft (, Tech30) issued a patches for the exploits in March.
Microsoft said it found that the ransomware is using multiple techniques to spread, including one that was addressed by the security patch released in March. It is continuing to investigate.