A month after WannaCry infected millions of computers worldwide, a new ransomware attack has emerged targeted at users across the world, including India and Europe.
According to a report by Economic Times, consumer, shipping, aviation and oil and gas companies were hit on Tuesday in the UK, Russia, France, Spain and elsewhere.
Petwrap, believed to be an advanced version of an old ransomware known as Petya, locked computer screens of as many as 20 companies globally with $300 being demanded to free them up.
ET reports that Mondelez, Merck and Maersk were attacked by the ransomware on Tuesday. Indian subsidiaries of UK and Russia-based oil and gas, energy and aviation companies were also hit.
A Mondelez International spokesperson told ET that the network is experiencing global IT outage and that the team is working to resolve the situation as quickly as possible.”
A Maersk spokesperson told ET that the company’s IT systems are down across multiple sites and business units
In India, Neeraj Bansal, deputy chairman of the Jawaharlal Nehru Port Trust also confirmed that operations at Gateway Terminals India, operated by Maersk Group-owned APM Terminals at the Mumbai-based port, have been impacted.
“They are trying to do what they can manually. They have told us assessing the situation and trying to find a solution as soon as they can,” Bansal told ET.
Mars and Nivea have also been attacked, according to media reports citing Group-IB, which deals with prevention and investigation of cybercrime.
French glassmaker Saint-Gobain and British media company WPP Plc said they were targeted.
Interestingly, another ransomware called Mamba attacked an Indian automobile company and a manufacturing company on Tuesday. A forensic investigator involved in investigating the PetWrap and Mamba attacks told ET that both may have exploited similar software loopholes.
It could not be immediately ascertained how many computers were infected by Petya.
“This ransomware uses the Windows SMBV1vulnerability that WannaCry used,” Sunny Vaghela, director, Tech Defence labs told ET.
He added that the Trojan targets HR departments with emails that have subject lines reading CV, candidate folio, applicant profile etc. Once installed, it encrypts data and restarts the system. After this, the user gets a message asking for $300 to a Bitcoin account. India may face a significant impact.
A Saint Gobain executive said on condition of anonymity: “The entire network has been shut down to prevent the attack. We closed down everything around 5:40 pm. But, I believe manufacturing will continue tomorrow.”