Computer systems across the globe were hit with a massive ransomware attack on Tuesday, extending from Russia to the U.S., which had similarities to an international cyber attack in May that impacted tens of thousands of computers, according to the New York Times.
The Ukrainian government said that "several of its ministries, radiation monitoring at the Chernobyl nuclear facility, local banks and metro systems had been affected," the Times reported. Danish shipping-giant Maersk, Russian energy company Rosneft, French construction materials company Saint-Gobain and British advertising agency WPP also claimed to have been targeted.
U.S. Big Pharma company Merck and multinational law firm DLA Piper "confirmed that its global computer networks had been hit," according to the Times.
It is not yet known who is responsible for the cyber-attack; indeed, the perpetrators of May 2017's WannaCry attacks have not been found yet, either. "We are urgently responding to reports of another major ransomware attack on businesses in Europe,” Rob Wainwright, executive director of Europe's police agency Europol, tweeted.
Ransomware attacks lock users out of their system and force them to pay a ransom fee to unlock their computers and files. Tuesday's ransomware attack gave victims this message on their screen: "Oops, your important files have been encrypted. If you see this text then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking to recover your files but don’t waste your time."
Cybersecurity researchers believe this attack may be a variation of a ransomware strain called Petya. As the New York Times reported today:
One researcher from the Moscow-based cybersecurity firm Kaspersky Lab reported the new ransomware was a strain of Petya first identified in March 2016. Kaspersky found evidence that the latest strain had been created on June 18, suggesting it has been hitting victims for more than a week. But Kaspersky also said it was still investigating the attack and that it could be a new type of ransomware that has never been seen before.
According to Kaspersky, roughly 2,000 computers had been infected. The Times reported that Symantec, a Silicon Valley cybersecurity firm, confirmed one of the exploits used was known as "Eternal Blue" — leaked last April by the Shadow Brokers "who have previously released hacking tools used by the National Security Agency," according to the Times.
Notable whistleblower Edward Snowden pointed out on Twitter that the NSA had "kept open the hole" for nearly five years, without notifying Microsoft. The NSA-linked tools appear to have been used in both Tuesday's attack, as well as the attack in May.