“Please remove all laptops from docking stations and keep turned off – no exceptions,” read a sign erected in the lobby of DLA Piper’s Washington DC office.
The attacks come two months after another global ransomware assault, known as Wannacry, which caused major problems for the UK’s National Health Service.
What is Petya/Petrwrap?
By: Prof Alan Woodward, University of Surrey
Petya is a type of ransomware that appeared in early 2016 and returned to a trick first seen in the early 1990s, whereby criminals do not encrypt all the files on your computer but instead they attack a part of the operating system called the Master File Table (MFT).
The MFT is essential for the system to know where to find files on the computer, so it has the same effect as if each file had been locked separately.
The big difference is that it is very much faster to attack the MFT than to encrypt each file separately.
In early 2017, a new form of Petya, dubbed Petrwrap, emerged which built on Petya but corrected some of the weaknesses in the original code that allowed security companies to help people unlock their systems.
Whilst Petrwrap is detectable by antivirus checkers, if it manages to gain a foothold before it is stopped its encryption is so strong that you are unlikely to be able to break through to recover your files.
Now it appears that whilst the initial attack is probably still via something such as an infected spreadsheet arriving in an email, it can spread, at least in part, across a network using what appears to be the same weakness as was used in the Wannacry ransomware outbreak.
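To make the point about the Master File Table concrete, the following added example (not part of the original article) shows how an incident responder could check on a disk image whether the start of the MFT is still readable. It reads the NTFS boot sector to find the MFT and counts the records that still carry the `FILE` signature; the image is constructed for the demonstration and the function names are hypothetical.

```python
import struct

def locate_mft(boot: bytes) -> tuple[int, int]:
    """Return (byte offset of the MFT, size of one MFT record) from an NTFS boot sector."""
    if len(boot) < 512 or boot[3:11] != b"NTFS    ":
        raise ValueError("not an NTFS boot sector")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", boot, 0x0B)
    (mft_cluster,) = struct.unpack_from("<Q", boot, 0x30)
    (size_code,) = struct.unpack_from("<b", boot, 0x40)
    cluster = bytes_per_sector * sectors_per_cluster
    # A negative code means the record is 2**(-code) bytes; otherwise it counts clusters.
    record_size = 1 << -size_code if size_code < 0 else size_code * cluster
    return mft_cluster * cluster, record_size

def readable_mft_records(image: bytes, count: int) -> int:
    """Count how many of the first `count` MFT records still begin with 'FILE'."""
    start, size = locate_mft(image[:512])
    return sum(image[start + i * size:start + i * size + 4] == b"FILE"
               for i in range(count))

def build_sample_image(overwritten: bool) -> bytes:
    """Constructed 32 KiB volume: 512-byte sectors, 8 per cluster, MFT at cluster 4."""
    img = bytearray(32 * 1024)
    img[3:11] = b"NTFS    "
    struct.pack_into("<HB", img, 0x0B, 512, 8)
    struct.pack_into("<Q", img, 0x30, 4)
    struct.pack_into("<b", img, 0x40, -10)        # 2**10 = 1024-byte records
    for i in range(4):                            # four placeholder file records
        off = 4 * 4096 + i * 1024
        img[off:off + 4] = b"FILE"
    if overwritten:
        # Stand-in for an MFT whose contents are no longer readable.
        img[4 * 4096:5 * 4096] = bytes(range(256)) * 16
    return bytes(img)

if __name__ == "__main__":
    for label, damaged in (("healthy", False), ("overwritten", True)):
        image = build_sample_image(damaged)
        print(label, locate_mft(image[:512]), readable_mft_records(image, 4), "of 4 readable")
```

The file contents elsewhere in the image are identical in both samples; only the table that says where files live differs, which is why damage to this one structure is enough to make a whole volume unusable.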
Veteran security expert Chris Wysopal from Veracode said the malware seemed to be spreading via some of the same Windows code loopholes exploited by Wannacry. Many firms did not patch those holes because Wannacry was tackled so quickly, he added.
Those being caught out were also industrial firms that often struggled to apply software patches quickly.
“These organisations typically have a challenge patching all of their machines because so many systems cannot have down time,” he said. “Airports also have this challenge.”
Copies of the virus have been submitted to online testing systems that check whether security software, particularly anti-virus systems, is able to spot and stop it.
“Only two vendors were able to detect it so many systems are defenceless if they are unpatched and relying on anti-virus,” he said.
Ukraine seems to have been particularly badly hit this time round.
Reports suggest that the Kiev metro system has stopped accepting payment cards while several chains of petrol stations have suspended operations.
Ukraine’s deputy prime minister has tweeted a picture appearing to show government systems have been affected.
His caption reads: “Ta-daaa! Network is down at the Cabinet of Minister’s secretariat.”