Multiple news sources are reporting the global spread of Petya ransomware.

According to some reports, the attack originated in the Ukraine where banks, energy companies, an airport and its metro network were affected.

In its spread across the globe, infections have been reported at the Danish shipping and energy company Maersk, British advertiser WPP and Russian oil industry company Rosnoft.

Maersk's home page displayed this message: "We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyberattack. We continue to assess the situation. The safety of our employees, our operations and customer's business is our top priority. We will update when we have more information."

Nick Bilogorskiy, Cyphort's senior director of threat operations, stated: "This is what Petya is, an older ransomware family that has been given a new life by embedding a way to self-replicate over SMB using Eternal Blue exploit."

According to some reports, nine victims have so far forked over the $300 ransom.

Cyber-security firm, Recorded Future, has reported that it is now spreading to the U.S. An advertising company, WPP, confirmed that they have fallen victim to the ransomware and employees have been instructed to unplug their computers.

Javvad Malik, security advocate at AlienVault, reports that the malware seems to be “spreading via EternalBlue, the NSA vulnerability that was leaked by Shadowbrokers and spreads via the SMB1 protocol."

A fix for the vulnerability has been released several time, however, many have not applied it.

Source: SCMagazine