New Ransomware Attack Is Quickly Spreading Across Europe, U.S.

A new ransomware attack quickly spread across the globe and brought businesses to a close on Tuesday, just a few weeks after the WannaCry campaign crippled systems around the world.

News of the attack was first reported in Ukraine, where it hit the country’s central bank, state telecom service, a major airport in Kiev, and even the Chernobyl nuclear power plant. The ransomware has since spread to 2,000 Windows-powered systems in Ukraine, Russia, Spain, France and the United States, The New York Times reported.

Initial reports of the attack from cyber security companies seem to indicate that the malware is a variation of Petya, a strain of ransomware identified last year that spreads via malicious cloud storage links — though there’s some disagreement on that fact. Additionally, Symantec, has confirmed that the ransomware in today’s attack uses EternalBlue, an exploit believed to have been stolen from the NSA and leaked by a group called the ShadowBrokers. Some companies that have been hit include U.S. pharmaceutical firm Merck, Danish shipping company Maersk and French construction company Saint-Gobain.

Like most ransomware, the latest attack encrypts users’ files and then demands a payment — reportedly of $300 — to decrypt them. There are still a handful of questions left unanswered about the malware, such as who is behind this latest attack, why it’s spreading as quickly as it is, or which systems are safe. To complicate matters, Posteo, a German email provider, has blocked the attacker’s email address, meaning that even users who have paid the ransom can no longer contact the attackers to get their files decrypted, Gizmodo reported. Blockchain records show that 32 transactions have been made thus far to the attacker’s bitcoin wallet. Microsoft has since announced that it is investigating the attack, and “will take appropriate action to protect customers.”