Does this sound familiar? On June 27, news outlets began reporting on a ransomware attack that was spreading like wildfire, hitting more than 300,000 devices across more than 150 countries and counting. The attack used the EternalBlue exploit, which was stolen from the NSA and released by the Shadow Brokers group, and targeted the SMB vulnerability CVE-2017-0144 to spread across multiple systems.
Ukraine’s government, National Bank, its transportation services and largest power companies are bearing the brunt of what appears to be a massive ransomware outbreak that’s fast spreading across the world and hitting a significant number of critical infrastructure providers.
Whispers of WannaCry abound, though some security experts said on Tuesday that a different breed, named Petya, was to blame. “[We’re seeing] several thousands of infection attempts at the moment, comparable in size to WannaCry’s first hours,” said Kaspersky Lab’s Costin Raiu, who added that the infections are occurring in many different countries. Another firm, BitDefender, said it believed a similar strain called GoldenEye was responsible. Later, security firms, including Kaspersky and Avast, said the malware responsible was actually an entirely new ransomware that had borrowed Petya code.