Global cyberattack affects many, including Merck, and may be worse than initially thought

The latest cyberattack, initially suspected to be the ‘Petya’ ransomware, has hit multiple organisations across Europe and the US, including drug company Merck, which confirmed its network was compromised on Tuesday.

Using its Twitter account, Merck confirmed it had been compromised and stated that it had ‘immediately shut down IT systems as a precautionary measure to help contain the problem’ and had moved to continuity plans, where required, to ensure ongoing operations.

In a report from Fortune, a Merck spokesperson revealed that the company is conducting an investigation, but as yet no further details, other than what has been revealed on Twitter, are available.

Initial reports about the global cyberattack, from various newsrooms, implicated a form of the ransomware ‘Petya’, originating from Ukraine, as the culprit. However, a report from Ars Technica last night claims the attack may be something worse than ransomware and may in fact be malware that permanently destroys data.

Ransomware effectively immobilises computer systems until a ransom is paid. Once the money has been received by the attackers, usually via an email confirmation of payment, a decryption key is sent so the system can be unlocked.

However, researchers from cyber security firm Kaspersky Labs revealed in a blog that, upon further analysis, Tuesday’s attack was due to ‘a new ransomware that has not been seen before’.

“After an analysis of the encryption routine of the malware used in the Petya/ExPetr attacks, we have thought that the threat actor cannot decrypt victims’ disk, even if a payment was made,” wrote Anton Ivanov and Orkhan Mamedov of Kaspersky Labs, in their blog. “This supports the theory that this malware campaign was not designed as a ransomware attack for financial gain. Instead, it appears it was designed as a wiper pretending to be ransomware.”

“What does it mean? Well, first-of-all, this is the worst-case news for the victims — even if they pay the ransom they will not get their data back. Secondly, this reinforces the theory that the main goal of the ExPetr attack was not financially motivated, but destructive.”
