The computer virus that is affecting companies and institutions around the world is a new variant of ransomware called Nyetya — WannaCry’s bad cousin — according to networking and security major Cisco. The new cyber attack started massively affecting dozens of companies and institutions in the world, beginning with Russia and Ukraine on Tuesday, and now spreading to Asia and Australia on Wednesday. Cisco’s Talos cyber security division reported that its research shows that this strain of computer virus “uses the same Eternal Blue exploit – a vulnerability used by the US National Security Agency (NSA) – and other weaknesses of Microsoft’s operating system to spread”, Efe news reported.
Nyetya is also very similar to WannaCry, the ransomware that affected 200,000 people in 150 countries in May, encrypting data on infected computers and asking for a ransom to recover them, said Talos cybersecurity executive Craig Williams. However, in the case of the virus emerging on Tuesday, which is quite “different” from the Petya virus, its infection “will spread very quickly if the ‘bad guys’ behind it decide to do so,” Williams said.
On Wednesday several companies in the Asia Pacific region, like the Mondelez owned Cadbury chocolate factory in Hobart, Tasmania, and the global law firm DLA Piper were affected. The Hong Kong website of DLA Piper published an important note to clients saying “We are currently dealing with a serious global cyber incident” adding that “we have taken down our systems as a precautionary measure which will mean you are currently unable to contact us by email or landline.”
According to Cisco, Nyetya is “WannaCry’s bad cousin” and “initial vector identification has shown that the virus is more defiant.” Williams ruled out that “an e-mail vector” was the initial propagation factor. Some of the affected companies and institutions have claimed that the virus has disabled their e-mails and, therefore, prevented them from contacting the cybercriminals to recover their information after their computers were disconnected.
The threat does not have “a known, viable external spreading mechanism – such as the Internet,” so “it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc”, according to Williams.