New malicious software is feared to be highly virulent creating international chaos and disrupting businesses and companies across the globe.
First reports of the cyber-attack originated from the Ukraine; their Government, banks, power and major public transport systems were all affected.
In Australia at 9:30pm on Thursday 27 June 2017, owner of Cadbury chocolate Mondelez was hit by the ransomware with employees faced with a threatening note demanding payment for the safe return of files in an attack similar to the recent WannaCry attack earlier this May.
Affected computers were locked with the same message:
If you see this text, then your files are no longer accessible, because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover you files without our decryption service.
We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment and purchase the decryption key.”
Instructions were provided to send $388 (AUS) in digital currency Bitcoin to a coded address. The email address has since been shut down so victims can no longer pay the ransom.
Major companies affected
The attack halted production for a chocolate factory and affected global law firm DLA Piper’s Australian offices. From its London HQ, DLA Paper made a statement that it would be “taking steps to remedy the issue”.
According to the Guardian newspaper, the cyber-attack affected a number of other companies including:
- Advertising company WPP
- Russian steel and oil firms Evras and Rosneft
- French construction materials company Saint-Gobain
- Danish shipping and transport company AP Moller-Maersk
- Heritage Valley Health System in Pittsburgh
- Transport giant TNT
Many of the companies affected by the cyber-attack have chosen to shut down computer systems to prevent further infection or damage of files. Companies are still struggling to get their systems back up securely and safely.
A “wake-up call”
Dan Tehan, Australian minister for cyber security, said:
“[the attack was] a wake-up call to all Australian businesses to regularly back up their data and install the latest security patches.”
Sadly, it seems like every cyber-attack is a “wake-up call” as organisations repeatedly fail to react to cyber-attacks and fail to take the right steps to protect themselves from being vulnerable.
Even if an affected company is prompted to take real action by patching up vulnerabilities and upping security measures to prevent another attack, it seems that others on the side-lines simply spectate and assume they’re safe. Even with these two recent global cyber-attacks halting business activities around the world, not all companies are immediately “waking up” and taking action.
Companies and individuals alike fail to appreciate the pain of a cyber attack unless they get hurt themselves.
When comparing this Peyta ransomware to the WannaCry one in May, the main difference is that Peyta has “the ability to spread, even if a computer has been patched”, according to Mike Sentonas from cybersecurity company CrowdStricke Inc. The hero who halted the WannaCry ransomware in May has given his insight on the Peyta version here.