On 27 June 2017, it happened again: a new Trojan, created essentially to cause harm, appeared while everyone was still talking about “WannaCry”. This time, Chernobyl was affected too. Windows computers at the plant had to be turned off, and inspectors were forced to check radiation levels using portable devices. A brief look back at the events: in early May, those behind the “WannaCry” Trojan had begun their attempts to blackmail numerous corporations, among them Deutsche Bahn. The blackmailers had disabled the computers of those affected and demanded payment in Bitcoin (the digital currency). They maintained they would not release the computer systems unless they were paid as demanded.
Yesterday, many international corporations were affected once again; their computer systems were disabled and their phones malfunctioned. According to the IT security company Kaspersky, Russia and Ukraine were affected most. Systems in Germany, Poland, Italy, Great Britain and France suffered as well. In the meantime, attacks have been reported even in the U.S. The blackmailers again demanded Bitcoin payments, exactly as had been the case with “WannaCry”. The data of those unwilling to pay would remain encrypted.
At the moment, experts agree neither on the type of Trojan nor on whether it is a new Trojan at all. The ransomware “Petya”, which caused a lot of damage last year, is among the suspects being considered, as is a variation of “GoldenEye”.
The Ukrainian accounting software MEDoc is presumed to have begun circulating the Trojan on Tuesday morning during an update. The company has since confirmed that it too has been affected by the malware. The Romanian security firm Bitdefender, on the other hand, believes the malware is actually a program that is able to spread on its own.
Ukraine is believed to have been the country most affected. Malfunctions and breakdowns were reported there by the aircraft manufacturer Antonov, as well as by banks, national power supply companies, and the Kiev airport.
German corporations suffered the ramifications of the Trojan as well. At the company Beiersdorf in Hamburg, telephone systems and computers broke down.
The authorities investigating the situation are not yet certain which malware is responsible for the damage. Europol and the French law enforcement agencies, as well as the Ukrainian police unit in charge of cybercrime, are looking into the matter. We are anxious to see how the situation will develop.
It was announced in the evening that a kill switch capable of terminating the ransomware had already been found. According to security researcher Amit Serper (posted on Twitter), you only need to create a file called perfc, without an extension, in the “C:\Windows” directory. When the malware finds this file, it no longer activates.
Image copyright: Fotolia.com – © Rafal Olechowski