The computer virus that is affecting companies and institutions around the world is a new variant of ransomware called Nyetya — WannaCry’s bad cousin — according to networking and security major Cisco.
The new cyber attack started massively affecting dozens of companies and institutions in the world, beginning with Russia and Ukraine on Tuesday, and now spreading to Asia and Australia on Wednesday. Cisco’s Talos cyber security division reported that its research shows that this strain of computer virus uses the same Eternal Blue exploit – a vulnerability used by the US National Security Agency (NSA) – and other weaknesses of Microsoft’s operating system to spread.
Nyetya is also very similar to WannaCry, the ransomware that affected 200,000 people in 150 countries in May, encrypting data on infected computers and asking for a ransom to recover them, said Talos cybersecurity executive Craig Williams. However, in the case of the virus emerging on Tuesday, which is quite “different” from the Petya virus, its infection “will spread very quickly if the ‘bad guys’ behind it decide to do so,” Williams said.
The threat does not have “a known, viable external spreading mechanism – such as the Internet,” so “it is possible that some infections may be associated with software update systems for a Ukrainian tax accounting package called MeDoc”, according to Williams.