A ransomware attack, dubbed the Petya, has caused damage to airports, banks, electricity grids, factories, offices, insurance companies, military and other institutions across Europe.
According to Group-IB, a Moscow-based security company, the attack appears to be targeting victims in Russia and Ukraine, as well as others in Denmark, Spain, Britain and the U.S..
Companies that have been affected include, and not limited to: advertising multinational WPP, France’s Saint-Gobain, Russian steel, mining and oil firms Evraz and Rosneft, and the Danish shipping giant AP Moller-Maersk.
The contagion has also broken the automatic radiation monitoring systems in Chernobyl.
According to F-Secure researcher Mikko Hypponen, Petya takes some file formats in victims' computers as hostages. They include:
The attackers are seeking a ransomware fee of $300 worth of bitcoin from those that are affected. In a message to the victims (shown above), the victims are required to send a certain amount of bitcoin in order to receive their installation key.
After a week, the malware was later dubbed "NotPetya" by Kaspersky Labs due to its nature for being different than the original "Petya".
While it masquerades the Petya ransomware when it demanded money to unscramble hostage data, the mechanism to collect money disintegrated as the malware has less intention on looting victims.
The real Petya was a criminal enterprise for making money, but the Petya here was better designed to spread fast and cause damage. The Petya, or later known as "NotPetya", was built to destroy and not extort.