The attack didn't stop at Maersk. Ukraine was hit hard, with part of it's electricity network being disabled, and government services and banks ransomware'd .
In Russia, the state oil company Rosneft was attacked.
According to Christiaan Beek, researcher at McAfee, the attack is comparable in scale to last may's wannacry attack.
Among others, the Ukraine, Germany, Russia, Poland, Spain, the US, Danmark and the Netherlands have so far been hit by the rapidly spreading attack. There's no reports of it affecting Asian countries.
McAfee is still analyzing the attack, but they do believe that it is an attack using two different variants. One variant encrypts a limited amount of files, while the other variant shuts down the entire system. Again, it's Windows machines that are vulnerable. It is not yet known wich versions are vulnerable.
It looks like part of the virus' code makes the Windows machine crash. When it is rebooted, the ransomware takes over the system and encrypts every file, demanding ransom to unlock.
Trend Micro is also investigating. Lead researcher Albert Kramer calls it 'a very interesting attack'. On the one hand, the virus is smart like wannacry, for example by taking timezones and language settings into account while spreading. But on the other hand, it uses a single static bitcoin adress to which payments are to be made.
"That is really weird. There is no reason to do that. Using only one static adress, it is impossible to tell who made a payment."
So far, not many payments have been made. At 18:oo GMT, only 13 payments were made.
Both McAfee and Trend Micro suspect that the attackers may not be in it for the money. "Perhaps it is a diversion", Kramer specualtes.
Author
Topic: Things that made you absolutely terrified today (Read 2010824 times)