A type of ransomware researchers have identified as Petya (also called Petrwrap) began spreading internationally on Tuesday. Reported victims so far include Ukrainian infrastructure like power companies, airports, public transit, and the central bank, as well as Danish shipping company Maersk, the Russian oil giant Rosnoft, and institutions in India, Spain, France, the United Kingdom, and beyond.
What makes the rapid escalation of Petya both surprising and alarming is its similarity to the recent worldwide WannaCry ransomware crisis, primarily in its use of NSA exploit EternalBlue to spread through networks.
“It is definitely using EternalBlue to spread,” says Fabian Wosar, a security researcher at the defense firm Emsisoft, which specializes in malware and ransomware. “I confirm, this is a WannaCry situation,” Matthieu Suiche, the founder of security firm Comae Technologies, wrote on Twitter.
