A new ransomware strain is seemingly using a leaked NSA cyberweapon to race around the planet

Petya is a well-known ransomware app that has attained a new, deadly virulence, with thousands of new infection attempts hitting Kaspersky Lab's honeypots; security firm Avira attributes this new hardiness to the incorporation of EternalBlue — the same NSA cyberweapon that the Wannacry ransomware used, which was published by The Shadow Brokers hacker group — into a new Petya strain.

The attacks have shut down Spanish law firm DLA Piper, Ukrainian media company 24tv and other companies around the world.


As with Wannacry, the ransomware appears to be operated by petty criminals who demand a mere $300 in Bitcoin to unlock the affected system. This may reflect the scattergun nature of the attack, which compromises deep-pocketed victims and broke individuals alike — pricing the ransom in the thousands of dollars would mean that many of the more vulnerable victims would be unable to pay, and might also prompt the better-resourced victims to opt for a more time-consuming response like rebuilding their systems from backup, rather than paying up.


Security researchers from Kaspersky Lab reported that the ransomware hit Russia, Ukraine, Spain, France, among others. Several people on Twitter reported witnessing or hearing reports of the outbreak in their respective countries, and across a wide range of industries. Companies around the world also reported computer outages.

Hours after the initial outbreak, Rob Wainwright, the executive director of Europol said in a tweet the European law enforcement agency was "urgently responding" to "another major ransomware attack" across Europe.

Chris Sistrunk, a security researcher at Mandiant, said that it looks like there's "another global outbreak attack."

A Ransomware Outbreak Is Infecting Computers Across the World Right Now
[Joseph Cox and Lorenzo Franceshi-Bicchierai]