Ransomware attack spreads through Europe

Remember that widespread ransomware attack that happened last month? Something very similar is happening today. This time the attack was first noticed in Ukraine. From the Washington Post:

Ukraine first reported Tuesday’s cyberattacks, saying they targeted government ministries, banks, utilities and other important infrastructure and companies nationwide, airport departure tables and demanding ransoms from government employees in the cryptocurrency bitcoin.

By midafternoon, breaches had been reported at computers governing the municipal energy company and airport in Ukraine’s capital, Kiev, the state telecommunications company Ukrtelecom, the Ukrainian postal service and the State Savings Bank of Ukraine. Payment systems at grocery stores were knocked offline, as well as the turnstile system in the Kyiv metro.

But it’s not just Ukraine that is getting hit. Bogdan Botezatu, an analyst from Bitdefender, tells the Associated Press, “A massive ransomware campaign is currently unfolding worldwide.”

It’s not clear whether or why the ransomware has suddenly become so much more potent, but Botezatu said that it was likely spreading automatically across a network, without the need for human interaction. Self-spreading software, often described as “worms,” are particularly feared because they can spread rapidly, like a contagious disease.

The BBC reports that computers in Britain, Russia, and Denmark were also being affected. Some the impacted companies have announced the problem on Twitter:

BBC reports that, in Russia, the Chernobyl nuclear power plant has “had to monitor radiation levels manually after Windows-based sensors were shut down.” Andrei Barysevich, from the security firm Recorded Future, tells the BBC this is likely to be the new normal:

Mr Barysevich said the attacks would not stop because cyber-thieves found them too lucrative.

“A South Korean hosting firm just paid $1m to get their data back and that’s a huge incentive,” he said. “It’s the biggest incentive you could offer to a cyber-criminal.”

So it’s the same reasoning that applies to terrorism. If you give them what they want now (money, in this case) you make it that much more likely that you will be asked to do so again in the future.