A new ransomware campaign of uncertain origin is hitting targets in Europe today, and it has begun to appear elsewhere. Ukraine is particularly affected, with banks (including ATMs), many government offices, and electrical utility networks (including those engaged in monitoring radiation levels at the former power plant in Chernobyl) suffering heavily. The Russian oil firm Rosneft also reports being affected (and has expressed the hope that the attack isn't connected to ongoing legal disputes with its domestic rival Sistema).
Group-IB believes the attacks on Ukraine and Rosneft were simultaneous and coordinated. Kaspersky and Flashpoint think they're observing signs of the Petya (a.k.a. Petrwrap) strain of ransomware in the attacks.
Other major infestations are reported by the Danish shipping concern A.P. Moller-Maersk, the pharmaceutical company Merck (in the US), Deutsche Post (its operations in Ukraine), and the British ad agency WPP. More are sure to come.
The ransom note's text has appeared in English, but Ukrainian authorities blame Russian hackers, especially since the attack coincides with tomorrow's observance in Ukraine of Constitution Day. On this interpretation, the attack's spread is due to the inherently difficult-to-control nature of malware, to deliberate misdirection, or to a willingness to take such targets of opportunity as present themselves.
Observers of last week's hack of Parliament's emails in the UK note poor password discipline, and point out the cognitive dissonance implicit in HM Government's push for backdoors when Westminster's email system was so easily pwned.
ISIS defacements of government webpages in Ohio are joined by similar vandalism in Maryland.