A self-replicating ransomware outbreak similar to the WannaCry attack in May disrupted businesses across the globe Tuesday, including shipping giant Maersk and law firm DLA Piper.
While no official complaints about the so-called Petya attack were filed in the Cayman Islands, the police service advised systems administrators to take precautions against the malware and address potential holes in their security plans.
“Organizations should take all steps necessary to patch these vulnerabilities and ensure that their firewall and antivirus subscriptions are up-to-date,” a Royal Cayman Islands Police Service spokesperson said.
Analysis from Deloitte’s risk advisory team in Grand Cayman indicated the attack reached users in Brazil, Canada, the Ukraine, Russia, Spain, Belarus, Germany, Italy, France, Poland, India and the Netherlands.
Maersk confirmed its IT systems were taken down Tuesday by the attack, affecting multiple locations and confusing port activity across continents.
Other impacted businesses included drug-maker Merck, U.K. advertising firm WPP and food company Mondelez International.
Like WannaCry, Petya uses the U.S. National Security Agency’s EternalBlue exploit leaked earlier this year by the “Shadow Brokers” group. The malware takes advantage of remote execution vulnerabilities in older Microsoft systems to spread from computer to computer.
Unlike WannaCry, Petya does not contain an obvious kill-switch. The attack surpassed WannaCry in sophistication in several aspects. It incorporates another NSA exploit, EternalRomance, and a hacking tool used to extract passwords from infiltrated networks.
While Microsoft has released patches for both exploits, systems that have not been or cannot be updated remain vulnerable.
RCIPS encouraged businesses to report attacks to enable law enforcement to track threats. The service did not offer advice as to whether hacking victims should pay ransoms.
The Petya attack demanded users pay US$300 in bitcoin to recover encrypted files. The email address provided for payment was shut down after several hours, however, indicating that many victims who paid the ransom could not retrieve their data.
Following the attack at DLA Piper, the law firm notified the U.S. Federal Bureau of Investigation and the U.K. National Crime Agency.
A Deloitte risk advisory manager indicated Petya is just one of many recent ransomware alerts. Other recent programs include SamSam, Locky, a new TeslaWare virus, and the Shifr program, currently in development.
Small shipping company Karatzas Marine Advisors, with business ties in Grand Cayman, said the attack did not disrupt its service but did prompt concern about the vulnerability of maritime operations.
“I do think that shipping necessarily was the target. They seem to hit different industries, and definitely Maersk is a very visible target in the shipping industry,” CEO Basil Karatzas said.
He pointed to other attacks directed at the shipping industry, including hacks into the navigation equipment of super-yachts and commercial vessels.
“It’s a concerning development overall for our society, and not [just] necessarily for shipping. However, with shipping, it could easily have huge impact on everyday life,” he said.