Another widespread ransomware attack is threatening to wreak havoc across the world.
Businesses and government agencies have been hit with a variation of the Petya ransomware -- that is, malware that holds crucial files hostage. The malware is demanding $300 in bitcoin before victims can regain access.
Security experts are warning that a quick-spreading new ransomware attack may have more tricks up its sleeve than the previous WannaCry software that crippled thousands of computers worldwide last month.
The new strain, which has similarities to a well-known software called Petya but may be a modified or wholly new version, has already caused a significant amount of damage in Europe and has moved to the US.
Companies, services and individuals in Australia — especially those whose computers are connected to big networks but have not received security updates in some time — are at risk of having their files locked and held to ransom once businesses get started this morning.
Several prominent companies and services across the globe have already been impacted by this new ransomware, with computers locked up and displaying a distinctive red block of text asking for payment in Bitcoin. In Australia, local arms of international companies that have been affected are scrambling to stop the infection spreading.
Spanish food giant Mondelez is among those hit, with its shutdown of all IT systems reportedly affecting the Cadbury factory it operates in Hobart. Australian staff at global law firm DLA Piper are facing similar troubles, told to come in to work as usual but to avoid turning on or using any computers.
While numerous European and American companies have been hit, the most damage so far appears to have been done in the Ukraine, where the state power company and main airport were among the first to report issues.
The BBC is reporting that even the Chernobyl nuclear power plant has been hit, with staff being forced to monitor radiation levels manually after the computers that run the plant's sensors were impacted.
Security software vendor McAfee said that the modified Petya attack had more potential to hit the general public than WannaCry, but that it had so far been mainly detected in business environments. It said it had various samples in analysis to try and work out exactly how the new strain operates.
Kaspersky Lab believes the strain is a "new ransomware that has not been seen before", despite its strong resemblance to Petya. It has dubbed the new software NotPetya.
Regardless the new ransomware is tied to WannaCry, with several security firms confirming that it uses the same Windows vulnerability to spread through computer systems. First revealed publicly in April, this vulnerability known as Eternal Blue was patched by Microsoft in March, so any computer set to automatically install security updates is protected.
However some businesses that use specialised software don't keep their computers up to date, as it can be costly to fix compatibility issues at large scale. Many of those businesses were hit by WannaCry, and anyone who still hasn't installed the appropriate security updates may be at risk from this new attack as well.
Also at risk are embedded computer systems — for example those that run public infrastructure — which are often connected to networks but not updated. As recently as last week, speed cameras in Victoria were seen to be impacted by WannaCry.
While there are indications that the new Petya has more ways to move around inside a network than WannaCry had, it's likely these also make use of known vulnerabilities that have been patched. Until it has been fully investigated, it's difficult to say whether some systems protected against WannaCry might still be vulnerable to the new form of Petya.
While there are still a lot of details that experts are yet to uncover — including the identity of the criminals that released the attack, how the software initially breaches a computer or any other known vulnerabilities it may be exploiting — many are advising users to guard against Petya in the same way they did WannaCry: make sure the most recent Windows security updates are installed, and be vigilant in regular cyber hygiene practices including maintaining backups of your files, and not opening suspicious emails or clicking unfamiliar links.