New Massive Ransomware Attack, Petya, Hits European Region Anew

After the massive cyber attack caused by WannaCry, another huge attack is under way online, caused by the latest ransomware, known as Petya. It has recently affected various banks, businesses, airports and other companies in the European region.

According to Reuters, the investigation is ongoing, but investigators cannot yet say who is behind this latest massive attack over the Internet. However, Group-IB suspects that it has something to do with the simultaneous attacks on targeted victims in Ukraine and Russia.

Group-IB is a security agency based in Moscow, Russia.

The report likewise revealed that this newest ransomware attack might affect other businesses and companies based in America, Denmark and Spain.

Among the affected countries, Ukraine appears to be the hardest hit, because many businesses there were attacked by Petya. According to the shared information, the municipal metro, the Central Bank of Ukraine, Boryspil Airport in Kiev and the state telecom had their systems compromised in the attack.

Moreover, the attack forced the Chernobyl nuclear power plant to perform manual radiation monitoring, and even affected some of the ATMs around the country.

Besides Ukraine, there are reports of attacks in Russia affecting Damco (a logistics arm in Russia), Rosneft (an oil firm in Russia) and Maersk (a known Danish shipping line). However, the investigation has not yet confirmed the extent of the damage caused by Petya. In the United States, the businesses and companies reported to be affected by the latest attack include DLA Piper (a law office in the US), Merck (a pharmaceutical company) and a hospital in Pittsburgh, as detailed by The Verge.

In connection with this issue, concerned people and companies have already posted their opinions about the attack on various social media websites.

Rosneft, for example, tweeted on Tuesday that the attack hit its servers and that it hoped this would not affect court procedures. Ukraine’s Boryspil Airport Director Yevhen Dykhne released his own statement saying that, due to the hacking incident, some flights may already be delayed.

He was also quoted in news reports as saying, “We kindly urge you to be understanding, keep calm,” adding that, “Current information about the departure times can be found on the scoreboard in terminal.”

According to chatter on Twitter, the people behind the attacks are demanding a ransom of $300 worth of Bitcoin from their victims. In the short message shown to victims, they urge them to send the payment to a particular Bitcoin wallet ID in exchange for the installation key, according to news reports.

Authorities and investigators in the affected countries are looking into the problem and monitoring the situation cautiously.

 

Image credit: Heavy.com

Chinese Security Firms Defend China, Say It Was Not Involved in WannaCry Attack

Following the outbreak of the WannaCry ransomware in May, Chinese security firms say it is not right to implicate China, because it had nothing to do with the attack.

Qihoo 360 stated that Flashpoint's analysis should not be taken seriously.

Last month's cybercrime incident affected more than 300,000 computers and electronic devices worldwide. Some of these are owned by the NHS, which disappointed many people who were aware of it.

According to news reports shared online, Flashpoint is pointing to China as responsible for the ransomware attack in May. Symantec, on the other hand, is pointing to North Korea as the main culprit. Unfortunately, the authorities are having trouble identifying the exact attackers, who might still be operating and continuing their wrongdoing.

Based on the information revealed, analysis of the malware samples found positive connections in the code used in WannaCry. The code is likewise very similar to that used in the 2014 hack of Sony Pictures as well as the 2016 $81 million bank attack that involved the Bangladesh Bank.

This affirmation came from Symantec, as detailed in online news reports.

In contrast, Flashpoint insists that native Chinese speakers are responsible for the latest malware attack. Based on its analysis, at least a pair of Chinese versions came out of Google Translate when it reviewed the ransom messages. There is also a single English version in the translation, as stated by the company and quoted in news reports. In addition, the Chinese-language versions are more suspicious because the messages are very substantial in format, tone and content.

“More generally, the note makes use of proper grammar, punctuation, syntax, and character choice, indicating the writer was likely fluent or at least native. There is, however, at least one minor grammatical error which may be explained by auto-complete, or a copy-editing error,” Flashpoint said.

On the other hand, Zheng Wenbin reminds people not to take Flashpoint's analysis seriously, because the company does not have enough proof to confirm its allegation against China.

In an interview with Xinhuanet, he said that tracking down different languages must be done through code traits, and that the process must be carried out in a correct and professional manner.

Wenbin is the current Chief Security Engineer of Qihoo 360.

As for Li Bosong, deputy chief engineer of Antiy Labs, it appears that the analysis provided by Symantec is substantial and must pass the approval of cyber security experts before a conclusion is made.