For the second time in just as many months, computer malware has been infecting PCs of consumers, businesses and government institutions around the world at a rapid pace, encrypting files and demanding ransom payments to unlock the data again. The latest such ransomware outbreak started in the Ukraine, but has since spread to Western Europe, the U.S., Asia, and South America.
One of the companies hit hardest by the attack was shipping giant A.P. Moller-Maersk, which shut down its operations at the port of Los Angeles as well as in New York, Mumbai, and Rotterdam. Russia’s state-owned oil company Rosneft also fell victim to the attack, as did ad company WPP, Fedex TNT, and pharma giant Merck, according to reports and statements issued by the affected companies.
The ransomware in question once again targeted Windows PC, and primarily succeeded in infecting older versions of Windows that may not have gotten the latest security updates. Anti-virus software vendor Avast estimated Tuesday that more than 38 million PCs worldwide could be vulnerable to the attack used by the software.
However, initial reports seem to suggest that fewer PCs were infected than in May, when a ransomware called WannaCry knocked out more than 200,000 computers worldwide within hours.
It’s unknown who has been behind the newest attack. The new ransomware encrypted the data of infected PCs,a nd then asked victims to pay $300 in Bitcoin to regain access to this data. However, an email address necessary to communicate with the hackers to facilitate this exchange was quickly shut down Tuesday.
Just like in May, the malware once again used a vulnerability first discovered by a contractor hired by the NSA. U.S. spies had been stockpiling cyber weapons for some time to use against possible adversaries. However, the NSA but saw its digital weapons cache leak online earlier this year after hackers had broken into the agency’s computer networks. Microsoft subsequently renounced the NSA’s practice of stockpiling this kind of exploits without giving tech companies a chance to fix vulnerabilities.