A fast-moving ransomware attack has hit a number of companies in several European countries, the second such widespread ransomware outbreak in as many months.
The attack is using a new variant of the Petya ransomware and there are reports of infections in several countries, including Ukraine, India, France, Russia, and Spain. Security researchers said the Petya variant being used in this campaign uses a fake Microsoft digital signature that was lifted from a legitimate Microsoft utility. The variant appears to be just a few days old and it reportedly uses the same EternalBlue exploit developed by the NSA that the WannaCry ransomware worm used in May.
The Petya ransomware has been around for more than a year and normally spreads through spam emails carrying infected attachments. Researchers have had some success finding ways around the ransomware’s original encryption scheme, but more recent variants have changed up the way they lock up files. Some of the newer versions have been used in targeted attacks in recent months, including an operation earlier this year that used a custom version.
The Petya outbreak comes just a month after the WannaCry ransomware campaign hit companies around the world.