Skip to main content

New WannaCry-like ransomware attack is in the wild, affecting PCs globally

ransomware wannacry exploit attacking pc 46650591  hands with laptop typing in night
The WannaCry ransomware attack became a worldwide problem a few weeks ago, with more than 700,000 machines infected and numerous organizations held hostage. One of the most important lessons to derive from the attack’s severity and its widespread impact was that it involved a vulnerability that was already patched in current versions of Windows.

That means that anyone running a fully updated, current version of Windows was protected against this particular attack. And now, the same vulnerability is being reported at the center of a new global ransomware attack, security specialist Graham Cluley reports.

The newest attack appears to be based on the Petya or Petrwap malware that is based on the same Eternal Blue exploit that was created by the National Security Agency (NSA) and that was involved with WannaCry. That exploit was patched by Microsoft in March on systems dating from Windows XP and later, even though older versions like XP and Windows Vista are no longer supported even for security patches.

Symantec analysts have confirmed #Petya #ransomware, like #WannaCry, is using #EternalBlue exploit to spread

— Security Response (@threatintel) June 27, 2017

That means that anyone who is infected by the newest attack is running either a very old and unpatched version of Windows or a newer version that is not been updated with the latest security patches. Apparently, according to Reuters and other news outlets, this includes a variety of organization including a bank and a shipping company, among others.

The text that the new ransomware displays outlines the nature of the attack quite clearly:

“Ooops, your important files are encrypted.

If you see this text, then your files are no longer accessible because they have been encrypted. Perhaps you are busy looking for a way to recover your files, but don’t waste your time. Nobody can recover your files without our decryption service.

We guarantee that you can recover all your files safely and easily. All you need to do is submit the payment and purchase the decryption key.”

As Ukraine’s Deputy Prime Minister Pavlo Rozenko tweeted, the attack begins with a thorough encryption process that comes across as oddly considerate of a user “inadvertently” losing data by shutting off the affected PC:

Та-дам! Секретаріат КМУ по ходу теж "обвалили". Мережа лежить.

— Rozenko Pavlo (@RozenkoPavlo) June 27, 2017

According to Ars Technica, there are even unconfirmed reports that fully patched machines are suffering from the attack. If true, then that would make it different from WannaCry in terms of who is affected. However, the payment is a similar $300 in Bitcoin, and the new attack also goes a step further in also stealing credentials that are stored on the affected machine.

There are still many uncertainties around this latest attack, but a few things remain certain. First, you should have a good backup system in place, including maintaining an offline backup of your important files that can’t be touched by malware such as this. Second, you should ensure that all of your machines are running supported operating systems that are fully up to date on all security patches.

While this new ransomware might end up being something completely new and it might affect fully patched systems, those two steps remain important advice to follow.

Editors' Recommendations

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…
The 23andMe data breach just keeps getting scarier
A 23andMe kit

The 23andMe breach that took place in October has been confirmed as much worse than originally reported, affecting 6.9 million people, as opposed to the 14,000 users first thought.

Information stolen in the breach included users' full names, birth years, relationship labels, and locations. Approximately 1.4 million users also had Family Tree profile information on the service compromised. Hackers could also access genetic information in the breach, including details about common DNA percentages shared with relatives, and specifics such as chromosome matching, according to a spokesperson.

Read more
Apple has a chance to fix its worst product next year
Magic Mouse next to a Mac keyboard on a desk.

Apple updated all of its Mac desktops in 2024, but left the worst part untouched: the accessories. In particular, we're talking about the infamous Magic Mouse. The mouse has been dunked on for years at this point, often pointed to as an example of the worst of Apple's design ethos. Despite all the positive changes to Macs over the past few years, the Magic Mouse has remained stagnant.

A new report, however, indicates that the Mac accessories will undergo a major change in early 2024. The Magic Keyboard, Magic Trackpad, and Magic Mouse will reportedly all be moving to USB-C to match the latest iPhone, after having previously used the Apple-exclusive Lightning connection. This seems like an obvious change that probably should have happened earlier. In fact, it was even rumored to happen in time for the launch of the M3 iMac -- but it didn't.

Read more
Apple has a chance to fix Mac gaming for good in 2024
Lies of P being played on an iMac.

Looking back, 2023 was a banner year for Mac gaming. As a gamer, it feels really surreal to say that, given how disappointing the past has been. But it’s true -- and for the first time in a long time, the sun is shining on Mac gamers.

We’ve had the M3 series of chips with hardware ray tracing, mesh shading, and improved GPUs. On the software side, Apple has built-in tools like Game Mode and a game porting toolkit into macOS. And some massive games have come to the Mac, including Baldur’s Gate 3 and Lies of P.

Read more