Russia In The Spotlight As Second Wave Of Ransomware Grips Globe

Experts said it wouldn't take long for a brand-new cyberattack to cripple computers around the world. They were right.

Just weeks after a ransomware virus called “WannaCry” hit the world, a new wave of cyberattacks hit roughly 150 countries Tuesday, with the heaviest concentrations of compromised systems in Ukraine, Russia, Italy, Germany and Poland.

As government institutions and businesses scrambled for patches, fixes and, more discreetly, paying ransom demands to unfreeze their locked-up data, questions began to emerge:

Were these the usual band of hooligans — called the Shadow Brokers — who were blamed for the last big assault in May? Or was it a state-sanctioned attempt by a certain hackmaster — we’ll call him VladP — in a bid to unsettle one enemy in particular and a worried Western world in general?

See Also: Blame Game: Definitive Guide To Who’s At Fault For Ransomware Attack

All News Streams Seem To Lead To Russia These Days

“My various sources all are pointing a finger in the direction of Russia, with suggestions that either it is a state-sponsored attack at the Ukraine that went awry, or a commercial effort to discredit a Ukrainian company,” Eugene H. Spafford, executive director of Purdue University's Center for Education and Research in Information Assurance and Security, told Benzinga.

“It could be both. Or neither. Until more evidence is collected we won’t be able to have confidence in assigning blame.”

Ukraine’s cyberpolice and anti-virus companies say the ransomware may have first spread through a rogue update to a piece of Ukrainian accounting software called MEDoc.

Microsoft Corporation MSFT also confirmed some initial infections in the ransomware attacks occurred via Ukraine-based tax accounting software firm M.E.Doc, which develops MEDoc. But it said the bug was planted somewhere in the supply chain.

The WannaCry hackers used a poached hack from the U.S. National Security Agency, which is in the business of exploiting software flaws for intelligence purposes.

“At least two of the mechanisms used by this latest software to spread from machine to machine are well-known,” Spafford said. “One of those issues is the flaw that WannaCry used, and [it] has been patched since March. The other has to do with basic security practice — limiting administrative domains and connectivity.”

Pharmaceutical company Merck & Co., Inc. MRK confirmed its computer network had been affected by the global hack.

See Also: European Banks Driving Bitcoin Boom As Brace Against Ransomware Attacks

More Malware Menaces Almost Inevitable

Spafford said if there is a third such malware released toward the end of the year using that same software flaw, “there will still be many places that don’t (or can’t) patch.”

He pointed out a story from Britain that said the HMS Queen Elizabeth, the Royal Navy’s biggest warship, is still using Windows XP. Some systems are so ingrained in the hardware that simply applying a patch is difficult.

“Complexity, flaws, bad practices and lack of adequate law enforcement response all mean that the environment is friendly to ransomware and other kinds of attacks, and we are likely to see many more in the years to come,” Spafford said.

Spafford says the latest virus appears to be better-written, uses multiple means of spreading and doesn’t contain a “kill switch” that would easily disable it.

'Petya'

The virus has been dubbed “Petya” by some experts who say it bears a resemblance to a ransomware that emerged last year, while others say it's different enough they have dubbed it “NotPetya.”

The hackers demand a ransom in $300 in Bitcoin for the data to be decrypted, and a running gauge of money paid was at $132,625.05.

A Berlin company called Posteo, whose email service was used to help coordinate payments linked to the WannaCry virus, says it blocked an email address after learning it was being used as a contact for the ransomware’s presumed creators.