The second global outbreak of file-encrypting malware in as many months sees cyberattackers having designed potent, rapidly spreading malicious code far faster than organizations have been shoring up their defenses.
On Wednesday, computer security experts were analyzing how ransomware – an apparent variant of previously seen malware known as Petya – first struck organizations in the Ukraine. The malware quickly spread across Europe, Asia and North America, including Russian oil producer Rosneft, a Cadbury chocolate factory in Tasmania and global shipping giant Maersk (see Another Global Ransomware Outbreak Rapidly Spreads).
Microsoft said Tuesday that it had seen infections affecting more than 12,500 machines in 65 countries.
“The new ransomware has worm capabilities, which allows it to move laterally across infected networks,” Microsoft says. “Based on our investigation, this new ransomware shares similar codes and is a new variant of [Petya]. This new strain of ransomware, however, is more sophisticated.”
The new Petya variant includes clever improvements on WannaCry, the ransomware worm that began attacking Windows systems on May 12, ultimately spreading to 300,000 machines. For example, whoever created the latest version of Petya apparently revamped it with new capabilities that allow it to infect even up-to-date Windows systems running the latest software patches.