Petya cyberattack spreads to 64 countries

The Petya cyberattack, first reported two days ago, has now spread to 64 countries, including Belgium, Brazil, Germany, Russia, and the US, according to a security update from Microsoft. The first infections were seen in Ukraine, where more than 12,500 machines encountered the threat.

According to the Microsoft update, rumours that the initial infection came through a software supply-chain compromise of the Ukrainian company M.E.Doc, which develops tax accounting software called MEDoc, now appear to be true.

Microsoft said it now has evidence that a few active infections of the ransomware initially started from the legitimate MEDoc updater process. It said it observed telemetry showing the MEDoc software updater process executing a malicious command line matching this exact attack pattern on Tuesday, June 27 around 10:30 a.m. GMT.

The attack is aimed at Windows PCs. The malicious software exploits a vulnerability in Microsoft Windows called EternalBlue and spreads quickly through an enterprise once one computer is infected. It can also infect machines that are not vulnerable to EternalBlue by using a hacking tool called Mimikatz to extract passwords from other computers on the same network.

Once inside the PCs, Petya encrypts users’ files and demands a ransom payment of $300 (£231) worth of Bitcoin to unlock them. It is thought there have been 36 payments of the ransom to date. WPP, food company Mondelez and Danish transport firm Maersk are among the big companies caught up in the attack.
