One month after the massive global WannaCry ransomware attack, “a new and highly virulent outbreak of malicious data-scrambling software appears to be causing mass disruption across the world, hitting companies and governments in Europe especially hard,” the Associated Press reported on Tuesday.
Officials in Ukraine reported serious intrusions of the country’s power grid as well as at banks and government offices, where one senior executive posted a photo of a darkened computer screen and the words, “the whole network is down.” The prime minister cautioned that the country’s “vital systems” hadn’t been affected, AP added.
Russia’s Rosneft oil company also reported falling victim to hacking and said it had narrowly avoided major damage, as did Danish shipping giant A.P. Moller-Maersk. Anders Rosendahl, a spokesman for the Copenhagen-based shipping group said that it the cyberattack “has affected all branches of our business, at home and abroad.”
The attack was confirmed to have spread beyond Europe when U.S. drugmaker Merck, based in New Jersey, said its systems had also been compromised, AP reported.
“The number of companies and agencies reportedly affected by the ransomware campaign was piling up fast, and the electronic rampage appeared to be rapidly snowballing into a worldwide crisis,” AP said. “There’s very little information about what might be behind the disruption at each specific company, but cybersecurity experts rapidly zeroed in on a form of ransomware, the name given to programs that hold data hostage by scrambling it until a payment is made.”
Graeme Newman, chief innovation officer at CFC Underwriting Ltd., said in a statement on Tuesday that “we had an early warning shot last month as WannaCry spread like wildfire globally. However, in actual terms, it inflicted relatively little damage. Petya, however, seems to be different,” he said, referring to what some analysts are calling the new form of ransomware.
“This new breed of ransomware looks much more dangerous, already causing chaos for businesses around the world and early indications suggest that this could cost organizations ten times more than WannaCry,” Newman continued. “In terms of its global impact, we’re already seeing claims coming in from the U.S. and are bracing ourselves for claims from other countries in the next few hours.”
Newman added that ransomware is the “tactic for choice for cybercriminals at the moment,” noting that in the first quarter of 2016, ransomware accounted for 12.9% of CFC’s cyber insurance claims, but this number “jumped massively” to 20.5% of claims in the first quarter of 2017. “Fighting ransomware, however, becomes a much more complex battle to face considering that the cost of the ransom can actually be minimal compared to the cost of the ‘clean up’ operation,” he said. “Claims for this type of attack can quickly spiral out of control when the costs of system damage and business interruption are tallied. It’s easy to see how this new wave of attacks could end up costing businesses millions.”
In mid-May, RMS called the WannaCry ransomware attack “arguably the first ever cyber-catastrophe.” Tom Harvey, an expert in cyber risk management at RMS, said that the cyberattack resulted in hundreds of thousands of infected machines across more than 150 countries.
In the attack, hackers demanded payment from victims in the digital currency Bitcoin to regain access to their encrypted computers. The malware scrambled data at hospitals, factories, government agencies, banks and other businesses, the Associated Press reported at the time. Countries/territories affected included China, the United Kingdom, Japan, Russia, Saudi Arabia and Taiwan, among others. The Canadian Press reported at the time that Quebec’s Université de Montreal was monitoring its IT network after about 120 of the school’s computers were allegedly infected with the WannaCry malware.