Ransomware Attack Sweeping the Globe

30 June 2017

Another global cyber attack was activated Tuesday, June 27, leaving companies across Europe, Australia and the United States struggling to respond.

This outbreak may be the most sophisticated of a series of attacks initiated after hacking tools were stolen from the NSA (National Security Agency) and leaked online in April. Similar to the WannaCry attacks in May, the most recent hack involves taking control of computer systems and demanding a digital ransom from users before they can regain access.

According to a spokesperson from Microsoft, the latest software update used to patch EternalBlue — the Windows software vulnerability that caused previous attacks — should protect against this attack. However, the companies affected may have failed to properly install it. As of Wednesday morning, the following companies had been affected:

  • Ukrainian institutions that include the Infrastructure Ministry, postal service, central bank and the country’s largest telephone company
  • Russian oil company Rosneft
  • The world’s largest container-shipping company A.P. Moller-Maersk
  • U.S. pharmaceutical giant Merck
  • U.S. food company Mondelez International
  • French bank BNP Paribas
  • French construction materials company Saint-Gobain
  • British marketing company WPP
  • German railway company Deutsche Bahn

Although the perpetrators of this outbreak are still unknown, computer specialists have noticed similarities between the ransomware used in this attack and last year’s Petya attack. Like WannaCry, Petya is a quickly spreading worm that affects vulnerable systems. Unlike WannaCry, Petya has multiple ways to spread. This could explain why even victims who applied the EternalBlue patch were affected.

If the most recent attack is related to Petya, it could be far more damaging than WannaCry. Unlike WannaCry, Petya lacks a kill switch to prevent it from spreading. In addition, Petya locks and encrypts entire hard drives, while WannaCry only locked individual files.

We will continue to monitor the situation.

If you require further details on how to avoid disruptive business interruptions from cyber attacks, or wish to discuss risk transfer options, please contact Martin Delaney, Senior VP, Leader, Cyber & Risk Management Services, at ClientFirst@jltcanada.com.

This document is published for the benefit of clients and prospective clients of Jardine Lloyd Thompson Canada Inc. It is intended only to highlight general issues relating to the subject matter which may be of interest and does not necessarily deal with every important topic nor cover every aspect of the topics with which it deals. If you intend to take any action or make any decision on the basis of the content of this newsletter, you should first seek specific professional advice.