A massive cyberattack is spreading around the world right now, with companies telling employees to go home as their machines are hit by malicious software.
Some of the attacks look similar to the WannaCry outbreak, which spread to 99 countries and caused chaos.
And multiple security experts said this new attack uses the same software exploit developed by the National Security Agency.
Here are the companies and organisations impacted by the new outbreak so far:
- Advertising giant WPP
- Government departments in Ukraine
- Dutch logistics firm Maersk
- Kiev airport
- Russian oil firm Rosneft
- Mondelez, the confectionery firm which owns Cadbury, has also reported IT issues
- The Madrid office of law firm DLA Piper
- US pharmaceutical firm Merck
- There’s an early report suggesting the Ukrainian nuclear plant Chernobyl has “switched to manual” radiation monitoring due to the attack
Ukraine first reported that a cyberattack was impacting banks, government departments, and other institutions.
Even supermarkets were affected, as this photo from Ukraine’s second-largest city of Kharkiv shows:
Supermarket in Kharkiv pic.twitter.com/H80FFbzSOj
— Mikhail Golub (@golub) June 27, 2017
The website for Boryspil International Airport in Kiev is not currently reporting arrivals or departures. Ukraine’s central bank said in a statement that it had warned banks and other financial institutions about “an external hacker attack”, and that some were experiencing “difficulty” in day-to-day operations.
And the country’s deputy prime minister Pavlo Rozenko also said ministers had been affected by an attack.
Other companies around the world reported ransomware attacks
Employees of other companies around the world, such as ad holding group WPP, began posting pictures of the attack on Twitter.
Business Insider hasn’t verified individual posts, but there’s a common theme: PC screens showing a message that the user’s files had been encrypted, and that they would need to hand over $US300 (£234) in Bitcoin to decrypt them.
This is called ransomware: hackers hold your files to ransom until you pay up.
The message begins: “Oops! Your important files are encrypted.”
It then goes on to tell the user that they can’t decrypt their files without sending Bitcoin to the hackers. The message gives a Bitcoin wallet address, and asks the user for their own wallet address and key.
WPP confirmed it was under attack in a tweet. Its share price began to fall as news of the attack emerged and was down 1.2% at the time of writing.
The company wrote: “IT systems in several WPP companies have been affected by a suspected cyber attack. We are taking appropriate measures & will update asap.”
Maersk also confirmed it was under attack in a tweet:
We can confirm that Maersk IT systems are down across multiple sites and business units. We are currently assessing the situation.
— Maersk (@Maersk) June 27, 2017
Russian oil firm Rosneft said it had been hit by a “powerful” cyber attack.
And confectionery firm Mondelez reported that it had tech problems, though it’s unclear whether this is related to the attack.
Merck also confirmed it had been “compromised” in a “global hack.”
Business Insider contacted the NHS, which was particularly badly affected by the original WannaCry outbreak.
A spokeswoman for NHS Digital Services said: “There are no known significant cyber security threats currently affecting the NHS.”
Security researchers think the software is very similar to WannaCry
An analyst for security firm Kaspersky identified the ransomware as Petrwrap, or Petya.
Security firm Avira added that Petya makes use of an exploit called EternalBlue, which may have been developed by the NSA and was also used in WannaCry.
Last time, WannaCry was halted from spreading by a 22-year-old British security researcher, who simply registered a domain.
But according to Comae researcher Matthieu Suiche, there’s “no kill-switch this time.”
People have paid £3,500 so far — but they won’t get their data back
While most security researchers agree it’s a bad idea to pay hackers, some people obviously haven’t paid attention.
The Bitcoin address listed on the ransomware demand currently holds around 2 Bitcoins, or around £3,500 at the time of writing.
But anyone paying money after midday won’t be getting their data back, and the hackers probably won’t be getting the money. The email address victims need to contact is run by German service Posteo, which has now blocked the account.
The company said in a statement: “At noon today we learned that Ransomware blackmail is currently providing a posteo address as a contact option.
“Our abuse team checked this immediately — and blocked the mailbox immediately. We do not tolerate any misuse of our platform: The intermittent blocking of abused mailboxes is a normal procedure of providers in such cases. At the time of the blocking, there was no reporting on the ransomware.”
That means hackers haven’t been able to access their emails, and victims can no longer email the account.
Robin Wainwright, executive director of Europol, tweeted that the agency was “urgently responding to reports of another major ransomware attack on businesses in Europe.”