A massive ransomware attack has hit businesses around the globe, causing major companies to shut down their computer systems.
Researchers are still investigating the software behind the attack, warning that it’s more sophisticated than the WannaCry worm that struck hundreds of thousands of computers across the globe last month.
“WannaCry was a tremendous failure. It was a lot of noise, very little money, and everyone noticed it,” said Craig Williams, an expert at cybersecurity firm Cisco Talos. “What we’re seeing today is a much more intelligent worm.”
Big global brands — like Mondelez, the maker of Oreos, and British advertising giant WPP — say their IT systems are experiencing problems.
Here’s what you need to know about the attack:
What does it do?
The ransomware infects computers and locks down their hard drives. It demands a $300 ransom in the anonymous digital currency Bitcoin.
The email account associated with the ransomware has been blocked, so even if victims pay, they won’t get their files back.
Law enforcement and cybersecurity experts agree that victims should never pay ransoms for such attacks.
How does it spread?
Researchers say the ransomware virus is a worm that infects networks by moving from computer to computer.
It uses a hacking tool called EternalBlue, which takes advantage of a weakness in Microsoft Windows. Microsoft released a patch for the flaw in March, but not all companies have used it.
EternalBlue was in a batch of hacking tools leaked earlier this year that are believed to have belonged to the U.S. National Security Agency.
Who’s been hit?
Top international businesses headquartered in Europe and the U.S. have come under attack. They include Russian oil and gas giant Rosneft, Danish shipping firm Maersk, U.S.-based pharmaceutical company Merck and law firm DLA Piper. French retailer Auchan Group and the real estate division of BNP Paribas were also affected.
Ukrainian organizations took a particularly heavy blow. Banks, government offices, the postal service and Kiev’s metro system were experiencing problems, officials said. The ransomware also caused problems with the monitoring system of the Chernobyl nuclear power plant.
It’s not yet clear if companies in the Asia-Pacific region have been seriously affected.
Mondelez said its several manufacturing facilities in Australia and New Zealand had all been hit but some of them were still able to carry out limited production. And a Maersk facility for shipping containers in the Indian port city of Mumbai was shut down.
“There obviously are companies that will have been affected by this in Asia,” said Michael Gazeley, managing director of Hong Kong-based cybersecurity provider Network Box. “But the success levels are lower, as they’re attacking the same vulnerabilities as WannaCry.”
Am I vulnerable?
Regular consumers who have up-to-date Windows computers are safe from this attack, experts say. However, if there’s one out-of-date machine on a company’s network, it could infect other connected computers.
Where did it start?
Researchers are still figuring out exactly what happened. But Cisco Talos says one way the ransomware got into computer systems was through software in Ukraine, a country that was hit especially hard by the attacks.
A Ukrainian company called MeDoc sent out a compromised update to its tax software that contained the malware, infecting computers that were running it, said Williams, the security expert at Cisco Talos.
Ukrainian officials confirmed a possible link to MeDoc. But the company denied its software spread the infection, saying in a Facebook post that the update was sent out last week and was free of viruses.
Who’s behind it?
It’s still too early to say who might be responsible for unleashing the virus.
Intelligence agencies and security researchers have linked last month’s WannaCry attack to a group associated with North Korea. But it’s unclear if the new ransomware worm is connected.
How is this different from WannaCry?
Like WannaCry, the new ransomware attack uses the EternalBlue tool to spread. But researchers say it also uses other parts of Windows to infect computers, including seizing user credentials.
Unlike WannaCry, it locks down a computer’s entire hard drive instead of just the files. And it didn’t shoot across the internet the way WannaCry did — instead, it spreads inside company networks.
“It seems that the ones in charge of this campaign have learned quite a lot from the WannaCry campaign,” said Itay Glick, the CEO of Israeli cybersecurity company Votiro.
— Alec Macfarlane, Omar Khan, Anish Gawande, Victoria Butenko and Bex Wright contributed to this report.
(San Francisco) First published June 28, 2017: 2:00 AM ET