Another widespread ransomware attack is threatening to wreak havoc across the world.
Businesses and governments have been hit with a variation of the Petya ransomware, malware that holds crucial files hostage. The malware is demanding $300 in bitcoin to regain access.
The new ransomware has been identified by Bitdefender as GoldenEye, and it has two layers of encryption, researchers said — locking up both your files and your computer’s file system.
“Just like Petya, it is particularly dangerous because it doesn’t only encrypt files, it also encrypts the hard drive as well,” Bogdan Botezatu, a senior threat analyst with Bitdefender said.
The malware will also force your infected PC to reboot as soon as it finishes encrypting files, so victims will see the ransom demands as soon as possible.
This is the second global ransomware attack in the last two months, after the WannaCry outbreak, locking up hospitals, banks and universities. Like WannaCry, GoldenEye and Petya only affect Windows operating systems.
Government agencies in Ukraine, along with financial firms, banks and a power distributor, were hit by an attack on Tuesday morning. Russia’s largest oil exporter Rosneft was also slammed with a cyberattack on its servers, it said.
More than half of the attacks were in Ukraine, according to Costin Raiu, director of global research at Kaspersky Lab.
Ukrainian Prime Minister Volodymyr Groysman called the attack “unprecedented,” but also said crucial IT systems were unaffected by the malware.
“Our IT experts are doing their work and protecting strategic infrastructure,” Groysman said in a post on Facebook.
Rosneft said the cyberattack did not affect its oil production because it had switched to a reserve control system.
US-based pharmaceuticals giant Merck said Tuesday that its computer network was “compromised as part of [the] global hack.”
A.P. Moller-Maersk, the world’s largest shipping company, said it suffered a cyberattack on Monday morning, taking down multiple IT systems.
IT systems for WPP, one of the world’s largest advertising agencies, also were affected by a cyberattack on Monday morning.
Researchers from Symantec confirmed that the GoldenEye ransomware used EternalBlue, the NSA exploit that fueled WannaCry’s spread. So far, more than $2,500 has been paid to the attacker’s bitcoin wallet in nine payments.
It’s still unclear who is behind Monday’s attacks. Researchers still have not found the hackers behind WannaCry, though the NSA has linked the attack to North Korea.
This is a breaking news story. Please continue to check for updates.
It’s Complicated: This is dating in the age of apps. Having fun yet? These stories get to the heart of the matter.
CNET en Español: Get all your tech news and reviews in Spanish.